Vulnerability Description
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Bmxnoc0401 Firmware | - |
| Schneider-Electric | Bmxnoc0401 | - |
| Schneider-Electric | Bmxnoe0100 Firmware | - |
| Schneider-Electric | Bmxnoe0100 | - |
| Schneider-Electric | Bmxnoe0110 Firmware | - |
| Schneider-Electric | Bmxnoe0110 | - |
| Schneider-Electric | Bmxnoe0110H Firmware | - |
| Schneider-Electric | Bmxnoe0110H | - |
| Schneider-Electric | Bmxnor0200H Firmware | - |
| Schneider-Electric | Bmxnor0200H | - |
| Schneider-Electric | Modicon M340 Bmxp342020 Firmware | - |
| Schneider-Electric | Modicon M340 Bmxp342020 | - |
| Schneider-Electric | Modicon M340 Bmxp342020H Firmware | - |
| Schneider-Electric | Modicon M340 Bmxp342020H | - |
| Schneider-Electric | Modicon M340 Bmxp342030 Firmware | - |
| Schneider-Electric | Modicon M340 Bmxp342030 | - |
| Schneider-Electric | Modicon M340 Bmxp3420302 Firmware | - |
| Schneider-Electric | Modicon M340 Bmxp3420302 | - |
| Schneider-Electric | Modicon M340 Bmxp3420302H Firmware | - |
| Schneider-Electric | Modicon M340 Bmxp3420302H | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-6462?
CVE-2015-6462 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BM...
How severe is CVE-2015-6462?
CVE-2015-6462 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6462?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Bmxnoc0401 Firmware, Schneider-Electric Bmxnoc0401, Schneider-Electric Bmxnoe0100 Firmware, Schneider-Electric Bmxnoe0100, Schneider-Electric Bmxnoe0110 Firmware.