Description
A vulnerability has been reported in multiple Schneider Electric modules, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by an error within the built-in web server and can be exploited to bypass basic HTTP authentication and gain otherwise restricted access to the affected device.
Please see the vendor's advisory for a list of affected products and firmware versions.
Vulnerable Products
Vulnerable OS:
Schneider Electric M340 Series Modules
Schneider Electric Modicon Quantum Series Modules
Schneider Electric Premium Series Modules
Vulnerable Software:
Solution
Update to a fixed firmware version. Please see the vendor's advisory for details.
CVE
CVE-2014-0754
References
Schneider Electric:
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01
ICS-CERT:
https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01
Vulnerability Manager Detection
No
IPS Protection