CVE-2020-7534: CSRF
First published: Fri Feb 04 2022(Updated: )
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
Credit: cybersecurity@se.com cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Bmxp342020 Firmware | ||
| Schneider-electric Bmxp342020 | ||
| Schneider-electric 140cpu65 Firmware | ||
| Schneider-electric 140cpu65 | ||
| Schneider-electric Tsxp57 Firmware | ||
| Schneider-electric Tsxp57 | ||
| Schneider-electric Bmxnoc0401 Firmware | ||
| Schneider-electric Bmxnoc0401 | ||
| Schneider-electric Bmxnoe01 Firmware | ||
| Schneider-electric Bmxnoe01 | ||
| Schneider-electric Bmxnor0200h Firmware | ||
| Schneider-electric Bmxnor0200h | ||
| Schneider-electric 140noe77111 Firmware | ||
| Schneider-electric 140noe77111 | ||
| Schneider-electric 140noc78000 Firmware | ||
| Schneider-electric 140noc78000 | ||
| Schneider-electric Tsxety5103 Firmware | ||
| Schneider-electric Tsxety5103 | ||
| Schneider-electric Tsxety4103 Firmware | ||
| Schneider-electric Tsxety4103 | ||
| All of | ||
| Schneider-electric Modicon M340 Bmxp342020 Firmware | ||
| Schneider-electric Modicon M340 Bmxp342020 | ||
| All of | ||
| Schneider-electric 140cpu65 Firmware | ||
| Schneider-electric 140cpu65 | ||
| All of | ||
| Schneider-electric Tsxp57 Firmware | ||
| Schneider-electric Tsxp57 | ||
| All of | ||
| Schneider-electric Bmxnoc0401 Firmware | ||
| Schneider-electric Bmxnoc0401 | ||
| All of | ||
| Schneider-electric Bmxnoe01 Firmware | ||
| Schneider-electric Bmxnoe01 | ||
| All of | ||
| Schneider-electric Bmxnor0200h Firmware | ||
| Schneider-electric Bmxnor0200h | ||
| All of | ||
| Schneider-electric 140noe77111 Firmware | ||
| Schneider-electric 140noe77111 | ||
| All of | ||
| Schneider-electric 140noc78000 Firmware | ||
| Schneider-electric 140noc78000 | ||
| All of | ||
| Schneider-electric Tsxety5103 Firmware | ||
| Schneider-electric Tsxety5103 | ||
| All of | ||
| Schneider-electric Tsxety4103 Firmware | ||
| Schneider-electric Tsxety4103 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7534?
CVE-2020-7534 is a Cross-Site Request Forgery (CSRF) vulnerability that exists on the web server used, potentially leading to unauthorized actions or a leak of sensitive data.
Which products are affected by CVE-2020-7534?
Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with BMXP34XXXX Firmware: All Versions.
What is the severity of CVE-2020-7534?
CVE-2020-7534 has a severity rating of 8.8 out of 10 (high).
How can CVE-2020-7534 be exploited?
CVE-2020-7534 can be exploited through a Cross-Site Request Forgery (CSRF) attack.
How can I mitigate the risk of CVE-2020-7534?
To mitigate the risk of CVE-2020-7534, it is recommended to implement proper CSRF defenses, such as using anti-CSRF tokens and validating the referer header.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/schneider-electric
- canonical/schneider-electric bmxp342020 firmware
- canonical/schneider-electric bmxp342020
- canonical/schneider-electric 140cpu65 firmware
- canonical/schneider-electric 140cpu65
- canonical/schneider-electric tsxp57 firmware
- canonical/schneider-electric tsxp57
- canonical/schneider-electric bmxnoc0401 firmware
- canonical/schneider-electric bmxnoc0401
- canonical/schneider-electric bmxnoe01 firmware
- canonical/schneider-electric bmxnoe01
- canonical/schneider-electric bmxnor0200h firmware
- canonical/schneider-electric bmxnor0200h
- canonical/schneider-electric 140noe77111 firmware
- canonical/schneider-electric 140noe77111
- canonical/schneider-electric 140noc78000 firmware
- canonical/schneider-electric 140noc78000
- canonical/schneider-electric tsxety5103 firmware
- canonical/schneider-electric tsxety5103
- canonical/schneider-electric tsxety4103 firmware
- canonical/schneider-electric tsxety4103
- canonical/schneider-electric modicon m340 bmxp342020 firmware
- canonical/schneider-electric modicon m340 bmxp342020