← Back

CVE-2013-0664

nvd nist
Published: Apr 4, 2013Modified: Apr 29, 2026

JSON object

Loading...
8.5
Vector
AV:N/AC:M/Au:S/C:C/I:C/A:C
Exploitability: 6.8 / Impact: 10.0
Source: NVD

Description

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

Affected (4)

Schneider Electric
3 products
Modicon Quantum Plc
Modicon M340
Modicon Premium
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Modicon Quantum Plc
Version 140noe77111
Modicon Quantum Plc
Version 140nwm10000
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Modicon M340
Version bmxnoe0110x
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Modicon Premium
Version tsxety5103

References (6)

Source: ics-cert@hq.dhs.gov
US Government Resource
Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.