CVE-2014-0754

Severity: Unknown | EPSS: 8.98%

CVE-2014-0754 is a vulnerability of currently unknown severity. Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. EPSS estimates an 8.98% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Metrics

EPSS Probability
8.98%

94.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Schneider-Electric | Stbnic2212 Firmware | All versions
Schneider-Electric | Stbnip2212 Firmware | All versions
Schneider-Electric | Tsxetc0101 Firmware | All versions
Schneider-Electric | Tsxetc100 Firmware | All versions
Schneider-Electric | Tsxp573623mc Firmware | All versions
Schneider-Electric | Tsxety110ws Firmware | All versions
Schneider-Electric | Tsxp574634m Firmware | All versions
Schneider-Electric | Tsxety110wsc Firmware | All versions
Schneider-Electric | Tsxp574823am Firmware | All versions
Schneider-Electric | Tsxety4103 Firmware | All versions
Schneider-Electric | Tsxp574823m Firmware | All versions
Schneider-Electric | Tsxety4103c Firmware | All versions
Schneider-Electric | Tsxp574823mc Firmware | All versions
Schneider-Electric | Tsxety5103 Firmware | All versions
Schneider-Electric | Tsxp575634m Firmware | All versions
Schneider-Electric | Tsxety5103c Firmware | All versions
Schneider-Electric | Tsxp576634m Firmware | All versions
Schneider-Electric | Tsxetz410 Firmware | All versions
Schneider-Electric | Tsxwmy100 Firmware | All versions
Schneider-Electric | Tsxetz510 Firmware | All versions
Schneider-Electric | Tsxwmy100c Firmware | All versions
Schneider-Electric | Tsxntp100 Firmware | All versions
Schneider-Electric | Modicon M580 Bmxnoc0402 Firmware | All versions
Schneider-Electric | Modicon M340 Bmxnoe0100 Firmware | All versions
Schneider-Electric | Modicon M340 Bmxnoe0110 Firmware | All versions
Schneider-Electric | Modicon M340 Bmxnoe0110h Firmware | All versions
Schneider-Electric | Modicon M340 Bmxnor0200h Firmware | All versions
Schneider-Electric | Modicon M340 Bmxp342020 Firmware | All versions
Schneider-Electric | Modicon M340 Bmxp342020h Firmware | All versions
Schneider-Electric | Modicon M340 Bmxp342030 Firmware | All versions
Schneider-Electric | Modicon M340 Bmxp3420302 Firmware | All versions
Schneider-Electric | Modicon M340 Bmxp3420302h Firmware | All versions
Schneider-Electric | Modicon M340 Bmxp342030h Firmware | All versions
Schneider-Electric | Modicon M340 Bmxnoc0401 Firmware | All versions
Schneider-Electric | 171ccc96020 Firmware | All versions
Schneider-Electric | 171ccc96020c Firmware | All versions
Schneider-Electric | 171ccc96030 Firmware | All versions
Schneider-Electric | 171ccc96030c Firmware | All versions
Schneider-Electric | 171ccc98020 Firmware | All versions
Schneider-Electric | 171ccc98030 Firmware | All versions
Schneider-Electric | Tsxp571634m Firmware | All versions
Schneider-Electric | Tsxp572634m Firmware | All versions
Schneider-Electric | Tsxp573634m Firmware | All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-0754?
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
How severe is CVE-2014-0754?
Severity scoring for CVE-2014-0754 is pending analysis. The EPSS model estimates an 8.98% probability of exploitation in the next 30 days.
How do I fix CVE-2014-0754?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST