A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
schneider-electric modicon_m340_bmxp341000_firmware |
||
schneider-electric modicon_m340_bmxp342000_firmware |
||
schneider-electric modicon_m340_bmxp3420102_firmware |
||
schneider-electric modicon_m340_bmxp3420102cl_firmware |
||
schneider-electric modicon_m340_bmxp342020_firmware |
||
schneider-electric modicon_m340_bmxp3420302_firmware |
||
schneider-electric modicon_m340_bmxp3420302cl_firmware |
||
schneider-electric bmxnoe0100_firmware |
||
schneider-electric bmxnoe0110_firmware |
||
schneider-electric 140noe77101_firmware |
||
schneider-electric 140noe77111_firmware |
||
schneider-electric 140cpu65150_firmware |
||
schneider-electric 140cpu65160_firmware |
||
schneider-electric 140noc78000_firmware |
||
schneider-electric 140noc78100_firmware |
||
schneider-electric 140noc77101_firmware |
||
schneider-electric tsxp574634_firmware |
||
schneider-electric tsxp575634_firmware |
||
schneider-electric tsxp576634_firmware |
||
schneider-electric tsxety4103_firmware |
||
schneider-electric tsxety5103_firmware |