CVE-2020-7533 - Vulnerability Details

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	140cpu65260 140cpu65260 Firmware 140noc77101 140noc77101 Firmware 140noc78000 140noc78000 Firmware 140noe77111 140noe77111 Firmware Bmxnoc0401 Bmxnoc0401 Firmware Bmxnoe0100 Bmxnoe0100 Firmware Bmxnoe0110 Bmxnoe0110 Firmware Modicon M340 Bmxp341000 Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420302 Modicon M340 Bmxp3420302 Firmware Tsxety4103 Tsxety4103 Firmware Tsxety5103 Tsxety5103 Firmware Tsxp574634 Tsxp574634 Firmware Tsxp575634 Tsxp575634 Firmware Tsxp576634 Tsxp576634 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice
https://www.se.com/ww/en/download/document/SEVD-2020-287-01/

History

Tue, 10 Jun 2025 08:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-255

Tue, 10 Jun 2025 08:15:00 +0000

Type	Values Removed	Values Added
Description	A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.	CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
Weaknesses		CWE-287
References		https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2020-12-01T14:47:02

Updated: 2025-06-10T08:02:15.209Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7533

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-01T15:15:12.190

Modified: 2025-06-10T08:15:21.423

Link: CVE-2020-7533

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object