← Back

CVE-2013-0663

nvd nist
Published: Apr 4, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

Affected (9)

Schneider Electric
3 products
Modicon Quantum Plc
Modicon M340
Modicon Premium
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Modicon Quantum Plc
Version 140noe77101
Modicon Quantum Plc
Version 140noe77111
Modicon Quantum Plc
Version 140nwm10000
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Modicon M340
Version bmxnoc0401
Modicon M340
Version bmxnoe0100x
Modicon M340
Version bmxnoe011xx
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Modicon Premium
Version tsxety4103
Modicon Premium
Version tsxety5103
Modicon Premium
Version tsxwmy100

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: ics-cert@hq.dhs.gov
US Government Resource
Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: ics-cert@hq.dhs.gov
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.