CVE-2020-7533

EPSS 2.3%CWE-287

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 dez 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

Produtos afetados

n/a · Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice https://www.se.com/ww/en/download/document/SEVD-2020-287-01/