CVE-2013-0663: CSRF
First published: Thu Apr 04 2013(Updated: )
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon Quantum Plc | =140noe77101 | |
| Schneider-electric Modicon Quantum Plc | =140noe77111 | |
| Schneider-electric Modicon Quantum Plc | =140nwm10000 | |
| Schneider-electric Modicon M340 | =bmxnoc0401 | |
| Schneider-electric Modicon M340 | =bmxnoe011xx | |
| Schneider-electric Modicon M340 | =bmxnoe0100x | |
| Schneider-electric Modicon Premium | =tsxety4103 | |
| Schneider-electric Modicon Premium | =tsxety5103 | |
| Schneider-electric Modicon Premium | =tsxwmy100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf
- http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/
- http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper
- https://www.exploit-db.com/exploits/44678/
- collector/nvd-index
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric modicon quantum plc
- version/schneider-electric modicon quantum plc/140noe77101
- version/schneider-electric modicon quantum plc/140noe77111
- version/schneider-electric modicon quantum plc/140nwm10000
- canonical/schneider-electric modicon m340
- version/schneider-electric modicon m340/bmxnoc0401
- version/schneider-electric modicon m340/bmxnoe011xx
- version/schneider-electric modicon m340/bmxnoe0100x
- canonical/schneider-electric modicon premium
- version/schneider-electric modicon premium/tsxety4103
- version/schneider-electric modicon premium/tsxety5103
- version/schneider-electric modicon premium/tsxwmy100