CVE-2013-0663
Last modified
CVE-2013-0663 is a vulnerability of currently unknown severity. Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.. EPSS estimates a 5.96% chance of exploitation in the next 30 days.
Description
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon Quantum Plc | 140noe77101 |
| Schneider-Electric | Modicon Quantum Plc | 140noe77111 |
| Schneider-Electric | Modicon Quantum Plc | 140nwm10000 |
| Schneider-Electric | Modicon M340 | bmxnoc0401 |
| Schneider-Electric | Modicon M340 | bmxnoe011xx |
| Schneider-Electric | Modicon M340 | bmxnoe0100x |
| Schneider-Electric | Modicon Premium | tsxety4103 |
| Schneider-Electric | Modicon Premium | tsxety5103 |
| Schneider-Electric | Modicon Premium | tsxwmy100 |
References
- http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdfUS Government Resource
- http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdfUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-0663?
How severe is CVE-2013-0663?
How do I fix CVE-2013-0663?
Are you affected by CVE-2013-0663?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST