critical
10
CWE
22
Advisory Published
Updated

CVE-2014-0754: Path Traversal

First published: Fri Oct 03 2014(Updated: )

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Schneider-electric Stbnic2212 Firmware
Schneider-electric Stbnic2212
Schneider-electric Stbnip2212 Firmware
Schneider-electric Stbnip2212
Schneider-electric Tsxetc0101 Firmware
Schneider-electric Tsxetc0101
Schneider-electric Tsxetc100 Firmware
Schneider-electric Tsxetc100
Schneider-electric Tsxp573623mc Firmware
Schneider-electric Tsxp573623mc
Schneider-electric Tsxety110ws Firmware
Schneider-electric Tsxety110ws
Schneider-electric Tsxp574634m Firmware
Schneider-electric Tsxp574634m
Schneider-electric Tsxety110wsc Firmware
Schneider-electric Tsxety110wsc
Schneider-electric Tsxp574823am Firmware
Schneider-electric Tsxp574823am
Schneider-electric Tsxety4103 Firmware
Schneider-electric Tsxety4103
Schneider-electric Tsxp574823m Firmware
Schneider-electric Tsxp574823m
Schneider-electric Tsxety4103c Firmware
Schneider-electric Tsxety4103c
Schneider-electric Tsxp574823mc Firmware
Schneider-electric Tsxp574823mc
Schneider-electric Tsxety5103 Firmware
Schneider-electric Tsxety5103
Schneider-electric Tsxp575634m Firmware
Schneider-electric Tsxp575634m
Schneider-electric Tsxety5103c Firmware
Schneider-electric Tsxety5103c
Schneider-electric Tsxp576634m Firmware
Schneider-electric Tsxp576634m
Schneider-electric Tsxetz410 Firmware
Schneider-electric Tsxetz410
Schneider-electric Tsxwmy100 Firmware
Schneider-electric Tsxwmy100
Schneider-electric Tsxetz510 Firmware
Schneider-electric Tsxetz510
Schneider-electric Tsxwmy100c Firmware
Schneider-electric Tsxwmy100c
Schneider-electric Tsxntp100 Firmware
Schneider-electric Tsxntp100
Schneider-electric Modicon M580 Bmxnoc0402 Firmware
Schneider-electric Modicon M580 Bmxnoc0402
Schneider-electric Modicon M340 Bmxnoe0100 Firmware
Schneider-electric Modicon M340 Bmxnoe0100
Schneider-electric Modicon M340 Bmxnoe0110 Firmware
Schneider-electric Modicon M340 Bmxnoe0110
Schneider-electric Modicon M340 Bmxnoe0110h Firmware
Schneider-electric Modicon M340 Bmxnoe0110h
Schneider-electric Modicon M340 Bmxnor0200h Firmware
Schneider-electric Modicon M340 Bmxnor0200h
Schneider-electric Modicon M340 Bmxp342020 Firmware
Schneider-electric Modicon M340 Bmxp342020
Schneider-electric Modicon M340 Bmxp342020h Firmware
Schneider-electric Modicon M340 Bmxp342020h
Schneider-electric Modicon M340 Bmxp342030 Firmware
Schneider-electric Modicon M340 Bmxp342030
Schneider-electric Modicon M340 Bmxp3420302 Firmware
Schneider-electric Modicon M340 Bmxp3420302
Schneider-electric Modicon M340 Bmxp3420302h Firmware
Schneider-electric Modicon M340 Bmxp3420302h
Schneider-electric Modicon M340 Bmxp342030h Firmware
Schneider-electric Modicon M340 Bmxp342030h
Schneider-electric Modicon M340 Bmxnoc0401 Firmware
Schneider-electric Modicon M340 Bmxnoc0401
Schneider-electric 171ccc96020 Firmware
Schneider-electric 171ccc96020
Schneider-electric 171ccc96020c Firmware
Schneider-electric 171ccc96020c
Schneider-electric 171ccc96030 Firmware
Schneider-electric 171ccc96030
Schneider-electric 171ccc96030c Firmware
Schneider-electric 171ccc96030c
Schneider-electric 171ccc98020 Firmware
Schneider-electric 171ccc98020
Schneider-electric 171ccc98030 Firmware
Schneider-electric 171ccc98030
Schneider-electric Tsxp571634m Firmware
Schneider-electric Tsxp571634m
Schneider-electric Tsxp572634m Firmware
Schneider-electric Tsxp572634m
Schneider-electric Tsxp573634m Firmware
Schneider-electric Tsxp573634m

Remedy

http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203