1. Home
  2. CVE Database
  3. CVE-2015-6461
MEDIUM · 5.4

CVE-2015-6461

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP3...

Vulnerability Description

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Schneider-ElectricBmxnoc0401 Firmware-
Schneider-ElectricBmxnoc0401-
Schneider-ElectricBmxnoe0100 Firmware-
Schneider-ElectricBmxnoe0100-
Schneider-ElectricBmxnoe0110 Firmware-
Schneider-ElectricBmxnoe0110-
Schneider-ElectricBmxnoe0110H Firmware-
Schneider-ElectricBmxnoe0110H-
Schneider-ElectricBmxnor0200H Firmware-
Schneider-ElectricBmxnor0200H-
Schneider-ElectricModicon M340 Bmxp342020 Firmware-
Schneider-ElectricModicon M340 Bmxp342020-
Schneider-ElectricModicon M340 Bmxp342020H Firmware-
Schneider-ElectricModicon M340 Bmxp342020H-
Schneider-ElectricModicon M340 Bmxp342030 Firmware-
Schneider-ElectricModicon M340 Bmxp342030-
Schneider-ElectricModicon M340 Bmxp3420302 Firmware-
Schneider-ElectricModicon M340 Bmxp3420302-
Schneider-ElectricModicon M340 Bmxp3420302H Firmware-
Schneider-ElectricModicon M340 Bmxp3420302H-

Related Weaknesses (CWE)

CWE-20CWE-98

References

FAQ

What is CVE-2015-6461?

CVE-2015-6461 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP3...

How severe is CVE-2015-6461?

CVE-2015-6461 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6461?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Bmxnoc0401 Firmware, Schneider-Electric Bmxnoc0401, Schneider-Electric Bmxnoe0100 Firmware, Schneider-Electric Bmxnoe0100, Schneider-Electric Bmxnoe0110 Firmware.