Path Traversal in Schneider Electric Ethernet Modules For M340, Quantum And Premium Plc Ranges
CVE-2014-0754
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE011…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.090 (94.6th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Ethernet Modules For M340, Quantum And Premium Plc Ranges — versions STBNIC2212, TSXETY110WSC, BMXP342030
- Schneider-electric 171ccc96020
- Schneider-electric 171ccc96020c
- Schneider-electric 171ccc96020c_firmware
- Schneider-electric 171ccc96020_firmware
- Schneider-electric 171ccc96030
- Schneider-electric 171ccc96030c
- Schneider-electric 171ccc96030c_firmware
- Schneider-electric 171ccc96030_firmware
- Schneider-electric 171ccc98020
Weakness classification (CWE)
Public proof-of-concept exploits
References
- ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- ics-cert@hq.dhs.gov
- ics-cert@hq.dhs.gov
- af854a3a-2127-422b-91ae-364da2661108 (Patch, Vendor Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, US Government Resource)
Frequently asked questions
- What is CVE-2014-0754?
- CVE-2014-0754 is a vulnerability in Schneider Electric Ethernet Modules For M340, Quantum And Premium Plc Ranges, classified under Path Traversal. Published 2014-10-03.
- Is CVE-2014-0754 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.