ghsa-9xpp-gwq4-78fj
Vulnerability from github
Published: 2022-05-13 01:03
Modified: 2025-08-26 00:31
Details
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
{ "affected": [], "aliases": [ "CVE-2014-0754" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2014-10-03T18:55:00Z", "severity": "HIGH" }, "details": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.", "id": "GHSA-9xpp-gwq4-78fj", "modified": "2025-08-26T00:31:08Z", "published": "2022-05-13T01:03:37Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0754" }, { "type": "WEB", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01" }, { "type": "WEB", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01" }, { "type": "WEB", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01" }, { "type": "WEB", "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/70193" } ], "schema_version": "1.4.0", "severity": [] }
CVE-2014-0754 (GCVE-0-2014-0754)
Vulnerability from cvelistv5
Published: 2014-10-03 18:00
Modified: 2025-08-25 23:45
CWE
- n/a
Summary
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
Impacted products
Vendor | Product | Version |
---|---|---|
Schneider Electric | Ethernet modules for M340, Quantum and Premium PLC ranges | 140CPU65150, 140CPU65160, 140CPU65260, 140NOC77100, 140NOC78000, 140NOC78100, 140NOE77100, 140NOE77101, 140NOE77101C, 140NOE77110, 140NOE77111, 140NOE77111C, 140NWM10000, 170ENT11001, 170ENT11002, 170ENT11002C, 171CCC96020, 171CCC96020C, 171CCC96030, 171CCC96030C, 171CCC98020, 171CCC98030, BMXNOC0401, BMXNOC0402, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, BMXP342030H, BMXPRMxxxx, STBNIC2212, STBNIP2212, TSXETC0101, TSXETC100, TSXETY110WS, TSXETY110WSC, TSXETY4103, TSXETY4103C, TSXETY5103, TSXETY5103C, TSXETZ410, TSXETZ510, TSXNTP100, TSXP572623M, TSXP572623MC, TSXP572823M, TSXP572823MC, TSXP573623AM, TSXP573623M, TSXP573623MC, TSXP574634M, TSXP574823AM, TSXP574823M, TSXP574823MC, TSXP575634M, TSXP576634M, TSXWMY100, TSXWMY100C, TSXP571634M, TSXP572634M, TSXP573634M |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:19.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70193" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Ethernet modules for M340, Quantum and Premium PLC ranges", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "140CPU65150" }, { "status": "affected", "version": "140CPU65160" }, { "status": "affected", "version": "140CPU65260" }, { "status": "affected", "version": "140NOC77100" }, { "status": "affected", "version": "140NOC78000" }, { "status": "affected", "version": "140NOC78100" }, { "status": "affected", "version": "140NOE77100" }, { "status": "affected", "version": "140NOE77101" }, { "status": "affected", "version": "140NOE77101C" }, { "status": "affected", "version": "140NOE77110" }, { "status": "affected", "version": "140NOE77111" }, { "status": "affected", "version": "140NOE77111C" }, { "status": "affected", "version": "140NWM10000" }, { "status": "affected", "version": "170ENT11001" }, { "status": "affected", "version": "170ENT11002" }, { "status": "affected", "version": "170ENT11002C" }, { "status": "affected", "version": "171CCC96020" }, { "status": "affected", "version": "171CCC96020C" }, { "status": "affected", "version": "171CCC96030" }, { "status": "affected", "version": "171CCC96030C" }, { "status": "affected", "version": "171CCC98020" }, { "status": 
"affected", "version": "171CCC98030" }, { "status": "affected", "version": "BMXNOC0401" }, { "status": "affected", "version": "BMXNOC0402" }, { "status": "affected", "version": "BMXNOE0100" }, { "status": "affected", "version": "BMXNOE0110" }, { "status": "affected", "version": "BMXNOE0110H" }, { "status": "affected", "version": "BMXNOR0200H" }, { "status": "affected", "version": "BMXP342020" }, { "status": "affected", "version": "BMXP342020H" }, { "status": "affected", "version": "BMXP342030" }, { "status": "affected", "version": "BMXP3420302" }, { "status": "affected", "version": "BMXP3420302H" }, { "status": "affected", "version": "BMXP342030H" }, { "status": "affected", "version": "BMXPRMxxxx" }, { "status": "affected", "version": "STBNIC2212" }, { "status": "affected", "version": "STBNIP2212" }, { "status": "affected", "version": "TSXETC0101" }, { "status": "affected", "version": "TSXETC100" }, { "status": "affected", "version": "TSXETY110WS" }, { "status": "affected", "version": "TSXETY110WSC" }, { "status": "affected", "version": "TSXETY4103" }, { "status": "affected", "version": "TSXETY4103C" }, { "status": "affected", "version": "TSXETY5103" }, { "status": "affected", "version": "TSXETY5103C" }, { "status": "affected", "version": "TSXETZ410" }, { "status": "affected", "version": "TSXETZ510" }, { "status": "affected", "version": "TSXNTP100" }, { "status": "affected", "version": "TSXP572623M" }, { "status": "affected", "version": "TSXP572623MC" }, { "status": "affected", "version": "TSXP572823M" }, { "status": "affected", "version": "TSXP572823MC" }, { "status": "affected", "version": "TSXP573623AM" }, { "status": "affected", "version": "TSXP573623M" }, { "status": "affected", "version": "TSXP573623MC" }, { "status": "affected", "version": "TSXP574634M" }, { "status": "affected", "version": "TSXP574823AM" }, { "status": "affected", "version": "TSXP574823M" }, { "status": "affected", "version": "TSXP574823MC" }, { "status": "affected", "version": 
"TSXP575634M" }, { "status": "affected", "version": "TSXP576634M" }, { "status": "affected", "version": "TSXWMY100" }, { "status": "affected", "version": "TSXWMY100C" }, { "status": "affected", "version": "TSXP571634M" }, { "status": "affected", "version": "TSXP572634M" }, { "status": "affected", "version": "TSXP573634M" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Billy Rios" } ], "datePublic": "2014-09-30T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eDirectory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.\u003c/p\u003e" } ], "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request." 
} ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-25T23:45:03.684Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "70193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70193" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01" }, { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003ePlease see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\u003c/a\u003e. 
for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\u003c/p\u003e\u003cp\u003eThis vulnerability disclosure can be downloaded at the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/\"\u003ehttp://www.schneider-electric.com/ww/en/download/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Please see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01 . for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\n\nThis vulnerability disclosure can be downloaded at the following URL:\u00a0 http://www.schneider-electric.com/ww/en/download/" } ], "source": { "advisory": "ICSA-14-273-01", "discovery": "EXTERNAL" }, "title": "Schneider Electric", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSearch downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. 
This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\u003c/p\u003e\n\u003cp\u003eSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\u003c/li\u003e\n\u003cli\u003eDisable Port 80 (HTTP) on modules where it is possible.\u003c/li\u003e\n\u003cli\u003eBlock Port 80 in firewalls to these devices, except for trusted devices.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease contact Schneider Electric Customer Care Center for more information.\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\n\n\nSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\n\n\n\n * Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\n\n * Disable Port 80 (HTTP) on modules where it is possible.\n\n * Block Port 80 in firewalls to these devices, except for trusted devices.\n\n\n\n\nPlease contact Schneider Electric Customer Care Center for more information." 
} ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70193" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01" }, { "name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf", "refsource": "CONFIRM", "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0754", "datePublished": "2014-10-03T18:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-08-25T23:45:03.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.