CVE-2020-7534

Published: Feb 4, 2022Modified: May 28, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)

Affected (10)

Products: Schneider Electric: Modicon M340 Bmxp342020 Firmware, 140cpu65 Firmware, Tsxp57 Firmware, Bmxnoc0401 Firmware, Bmxnoe01 Firmware, Bmxnor0200h Firmware, 140noe77111 Firmware, 140noc78000 Firmware, Tsxety5103 Firmware, Tsxety4103 Firmware

Schneider Electric

10 products

Modicon M340 Bmxp342020 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342020 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342020	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140cpu65	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxp57	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmxnoc0401 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmxnoc0401	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmxnoe01 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmxnoe01	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmxnor0200h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmxnor0200h	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140noe77111 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140noe77111	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140noc78000 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140noc78000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxety5103 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxety5103	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxety4103 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxety4103	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.