Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-9XPP-GWQ4-78FJ
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2025-08-26 00:31
VLAI?
Details
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2014-0754"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-10-03T18:55:00Z",
"severity": "HIGH"
},
"details": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.",
"id": "GHSA-9xpp-gwq4-78fj",
"modified": "2025-08-26T00:31:08Z",
"published": "2022-05-13T01:03:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0754"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
},
{
"type": "WEB",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/70193"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2014-0754 (GCVE-0-2014-0754)
Vulnerability from cvelistv5 – Published: 2014-10-03 18:00 – Updated: 2025-08-25 23:45
VLAI?
EPSS
Summary
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Ethernet modules for M340, Quantum and Premium PLC ranges |
Affected:
140CPU65150
Affected: 140CPU65160 Affected: 140CPU65260 Affected: 140NOC77100 Affected: 140NOC78000 Affected: 140NOC78100 Affected: 140NOE77100 Affected: 140NOE77101 Affected: 140NOE77101C Affected: 140NOE77110 Affected: 140NOE77111 Affected: 140NOE77111C Affected: 140NWM10000 Affected: 170ENT11001 Affected: 170ENT11002 Affected: 170ENT11002C Affected: 171CCC96020 Affected: 171CCC96020C Affected: 171CCC96030 Affected: 171CCC96030C Affected: 171CCC98020 Affected: 171CCC98030 Affected: BMXNOC0401 Affected: BMXNOC0402 Affected: BMXNOE0100 Affected: BMXNOE0110 Affected: BMXNOE0110H Affected: BMXNOR0200H Affected: BMXP342020 Affected: BMXP342020H Affected: BMXP342030 Affected: BMXP3420302 Affected: BMXP3420302H Affected: BMXP342030H Affected: BMXPRMxxxx Affected: STBNIC2212 Affected: STBNIP2212 Affected: TSXETC0101 Affected: TSXETC100 Affected: TSXETY110WS Affected: TSXETY110WSC Affected: TSXETY4103 Affected: TSXETY4103C Affected: TSXETY5103 Affected: TSXETY5103C Affected: TSXETZ410 Affected: TSXETZ510 Affected: TSXNTP100 Affected: TSXP572623M Affected: TSXP572623MC Affected: TSXP572823M Affected: TSXP572823MC Affected: TSXP573623AM Affected: TSXP573623M Affected: TSXP573623MC Affected: TSXP574634M Affected: TSXP574823AM Affected: TSXP574823M Affected: TSXP574823MC Affected: TSXP575634M Affected: TSXP576634M Affected: TSXWMY100 Affected: TSXWMY100C Affected: TSXP571634M Affected: TSXP572634M Affected: TSXP573634M |
Credits
Billy Rios
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ethernet modules for M340, Quantum and Premium PLC ranges",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "140CPU65150"
},
{
"status": "affected",
"version": "140CPU65160"
},
{
"status": "affected",
"version": "140CPU65260"
},
{
"status": "affected",
"version": "140NOC77100"
},
{
"status": "affected",
"version": "140NOC78000"
},
{
"status": "affected",
"version": "140NOC78100"
},
{
"status": "affected",
"version": "140NOE77100"
},
{
"status": "affected",
"version": "140NOE77101"
},
{
"status": "affected",
"version": "140NOE77101C"
},
{
"status": "affected",
"version": "140NOE77110"
},
{
"status": "affected",
"version": "140NOE77111"
},
{
"status": "affected",
"version": "140NOE77111C"
},
{
"status": "affected",
"version": "140NWM10000"
},
{
"status": "affected",
"version": "170ENT11001"
},
{
"status": "affected",
"version": "170ENT11002"
},
{
"status": "affected",
"version": "170ENT11002C"
},
{
"status": "affected",
"version": "171CCC96020"
},
{
"status": "affected",
"version": "171CCC96020C"
},
{
"status": "affected",
"version": "171CCC96030"
},
{
"status": "affected",
"version": "171CCC96030C"
},
{
"status": "affected",
"version": "171CCC98020"
},
{
"status": "affected",
"version": "171CCC98030"
},
{
"status": "affected",
"version": "BMXNOC0401"
},
{
"status": "affected",
"version": "BMXNOC0402"
},
{
"status": "affected",
"version": "BMXNOE0100"
},
{
"status": "affected",
"version": "BMXNOE0110"
},
{
"status": "affected",
"version": "BMXNOE0110H"
},
{
"status": "affected",
"version": "BMXNOR0200H"
},
{
"status": "affected",
"version": "BMXP342020"
},
{
"status": "affected",
"version": "BMXP342020H"
},
{
"status": "affected",
"version": "BMXP342030"
},
{
"status": "affected",
"version": "BMXP3420302"
},
{
"status": "affected",
"version": "BMXP3420302H"
},
{
"status": "affected",
"version": "BMXP342030H"
},
{
"status": "affected",
"version": "BMXPRMxxxx"
},
{
"status": "affected",
"version": "STBNIC2212"
},
{
"status": "affected",
"version": "STBNIP2212"
},
{
"status": "affected",
"version": "TSXETC0101"
},
{
"status": "affected",
"version": "TSXETC100"
},
{
"status": "affected",
"version": "TSXETY110WS"
},
{
"status": "affected",
"version": "TSXETY110WSC"
},
{
"status": "affected",
"version": "TSXETY4103"
},
{
"status": "affected",
"version": "TSXETY4103C"
},
{
"status": "affected",
"version": "TSXETY5103"
},
{
"status": "affected",
"version": "TSXETY5103C"
},
{
"status": "affected",
"version": "TSXETZ410"
},
{
"status": "affected",
"version": "TSXETZ510"
},
{
"status": "affected",
"version": "TSXNTP100"
},
{
"status": "affected",
"version": "TSXP572623M"
},
{
"status": "affected",
"version": "TSXP572623MC"
},
{
"status": "affected",
"version": "TSXP572823M"
},
{
"status": "affected",
"version": "TSXP572823MC"
},
{
"status": "affected",
"version": "TSXP573623AM"
},
{
"status": "affected",
"version": "TSXP573623M"
},
{
"status": "affected",
"version": "TSXP573623MC"
},
{
"status": "affected",
"version": "TSXP574634M"
},
{
"status": "affected",
"version": "TSXP574823AM"
},
{
"status": "affected",
"version": "TSXP574823M"
},
{
"status": "affected",
"version": "TSXP574823MC"
},
{
"status": "affected",
"version": "TSXP575634M"
},
{
"status": "affected",
"version": "TSXP576634M"
},
{
"status": "affected",
"version": "TSXWMY100"
},
{
"status": "affected",
"version": "TSXWMY100C"
},
{
"status": "affected",
"version": "TSXP571634M"
},
{
"status": "affected",
"version": "TSXP572634M"
},
{
"status": "affected",
"version": "TSXP573634M"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2014-09-30T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDirectory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.\u003c/p\u003e"
}
],
"value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T23:45:03.684Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "70193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70193"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
},
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePlease see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\u003c/a\u003e. for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\u003c/p\u003e\u003cp\u003eThis vulnerability disclosure can be downloaded at the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/\"\u003ehttp://www.schneider-electric.com/ww/en/download/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Please see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01 . for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\n\nThis vulnerability disclosure can be downloaded at the following URL:\u00a0 http://www.schneider-electric.com/ww/en/download/"
}
],
"source": {
"advisory": "ICSA-14-273-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSearch downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\u003c/p\u003e\n\u003cp\u003eSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\u003c/li\u003e\n\u003cli\u003eDisable Port 80 (HTTP) on modules where it is possible.\u003c/li\u003e\n\u003cli\u003eBlock Port 80 in firewalls to these devices, except for trusted devices.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease contact Schneider Electric Customer Care Center for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\n\n\nSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\n\n\n\n * Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\n\n * Disable Port 80 (HTTP) on modules where it is possible.\n\n * Block Port 80 in firewalls to these devices, except for trusted devices.\n\n\n\n\nPlease contact Schneider Electric Customer Care Center for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70193"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0754",
"datePublished": "2014-10-03T18:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-08-25T23:45:03.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…