CVE-2020-7541

MEDIUM

Modicon - Info Disclosure

Title source: llm

Description

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.

References (1)

[Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2020-343-03/

Scores

CVSS v3 5.3

EPSS 0.0031

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-425

Status published

Products (20)

schneider-electric/140cpu65150_firmware < 6.1

schneider-electric/140noc77101_firmware < 1.08

schneider-electric/140noc78000_firmware < 1.74

schneider-electric/140noc78100_firmware < 1.74

schneider-electric/140noe77111_firmware < 7.1

schneider-electric/bmxnoc0401_firmware < 2.10

schneider-electric/bmxnoe0100_firmware < 3.3

schneider-electric/bmxnoe0110_firmware < 6.5

schneider-electric/modicon_m340_bmxp341000_firmware < 3.30

schneider-electric/modicon_m340_bmxp342000_firmware < 3.30

... and 10 more

Published Dec 11, 2020

Tracked Since Feb 18, 2026