Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote malicious users to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
schneider-electric modicon quantum plc 140noe77101 |
||
schneider-electric modicon quantum plc 140nwm10000 |
||
schneider-electric modicon quantum plc 140noe77111 |
||
schneider-electric modicon m340 bmxnoe0100x |
||
schneider-electric modicon m340 bmxnoe011xx |
||
schneider-electric modicon m340 bmxnoc0401 |
||
schneider-electric modicon premium tsxety5103 |
||
schneider-electric modicon premium tsxwmy100 |
||
schneider-electric modicon premium tsxety4103 |
Vulmon