Vulnerability Description
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
CVSS Score
10.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Stbnic2212 Firmware | - |
| Schneider-Electric | Stbnic2212 | - |
| Schneider-Electric | Stbnip2212 Firmware | - |
| Schneider-Electric | Stbnip2212 | - |
| Schneider-Electric | Tsxetc0101 Firmware | - |
| Schneider-Electric | Tsxetc0101 | - |
| Schneider-Electric | Tsxetc100 Firmware | - |
| Schneider-Electric | Tsxetc100 | - |
| Schneider-Electric | Tsxp573623Mc Firmware | - |
| Schneider-Electric | Tsxp573623Mc | - |
| Schneider-Electric | Tsxety110Ws Firmware | - |
| Schneider-Electric | Tsxety110Ws | - |
| Schneider-Electric | Tsxp574634M Firmware | - |
| Schneider-Electric | Tsxp574634M | - |
| Schneider-Electric | Tsxety110Wsc Firmware | - |
| Schneider-Electric | Tsxety110Wsc | - |
| Schneider-Electric | Tsxp574823Am Firmware | - |
| Schneider-Electric | Tsxp574823Am | - |
| Schneider-Electric | Tsxety4103 Firmware | - |
| Schneider-Electric | Tsxety4103 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/70193 (Third Party Advisory, VDB Entry)
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01
- http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDoPatch (Vendor Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2014-0754?
CVE-2014-0754 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before...
How severe is CVE-2014-0754?
CVE-2014-0754 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0754?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Stbnic2212 Firmware, Schneider-Electric Stbnic2212, Schneider-Electric Stbnip2212 Firmware, Schneider-Electric Stbnip2212, Schneider-Electric Tsxetc0101 Firmware.