← Back

CVE-2015-6462

nvd nist
Published: Mar 21, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

Affected (11)

Schneider Electric
11 products
Bmxnoc0401 Firmware
Bmxnoe0100 Firmware
Bmxnoe0110 Firmware
Bmxnoe0110h Firmware
Bmxnor0200h Firmware
Modicon M340 Bmxp342020 Firmware
Modicon M340 Bmxp342020h Firmware
Modicon M340 Bmxp342030 Firmware
Modicon M340 Bmxp3420302 Firmware
Modicon M340 Bmxp3420302h Firmware
Modicon M340 Bmxp342030h Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bmxnoc0401 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Bmxnoc0401
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bmxnoe0100 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Bmxnoe0100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bmxnoe0110 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Bmxnoe0110
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bmxnoe0110h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Bmxnoe0110h
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bmxnor0200h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Bmxnor0200h
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmxp342020 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp342020
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmxp342020h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp342020h
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmxp342030 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp342030
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmxp3420302 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp3420302
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmxp3420302h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp3420302h
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmxp342030h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp342030h
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.