漏洞标题
N/A
漏洞描述信息
A CWE-200:存在信息暴露漏洞,当攻击者向设备上的Web服务器发送HTTP请求时,可能导致位于Web根目录中的文件的敏感信息泄露。受影响的产品:Modicon M340 CPU:BMXP34(V3.40之前版本)。Modicon M340 X80 Ethernet Communication Modules:BMXNOE0100(H)、BMXNOE0110(H)、BMXNOC0401、BMXNOR0200H RTU(所有版本)。Modicon Premium Processors with integrated Ethernet(Copro):TSXP574634、TSXP575634、TSXP576634(所有版本)。Modicon Quantum Processors with integrated Ethernet(Copro):140CPU65xxxxx(所有版本)。Modicon Quantum Communication Modules:140NOE771x1、140NOC78x00、140NOC77101(所有版本)。Modicon Premium Communication Modules:TSXETY4103、TSXETY5103(所有版本)
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
CVSS信息
N/A
漏洞类别
信息暴露
漏洞标题
Schneider Electric 多款产品信息泄露漏洞
漏洞描述信息
Schneider Electric Modicon Quantum等都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric Modicon Quantum是一款用于过程应用、高可用性和安全解决方案的大型可编程逻辑控制器(PLC)。Schneider Electric Modicon M340是一款用于工业过程和基础设施的中程PLC(可编程逻辑控制器)。Schneider Electric Modicon Premium是一个应用于工业环境的可编程控制器
CVSS信息
N/A
漏洞类别
信息泄露