CVE-2020-7533

EPSS 2.3%CWE-287

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 dic 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

Productos afectados

n/a · Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice https://www.se.com/ww/en/download/document/SEVD-2020-287-01/