1. EXECUTIVE SUMMARY
- CVSS v3 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
- Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of a web page, and a denial of service when specific web pages are modified and restricted functions invoked.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric products, Modicon M340 and BMXNOE0100/0110, BMXNOR0200H, are affected:
- Modicon M340 processors (part numbers BMXP34*): All versions
- BMXNOE0100: All versions
- BMXNOE0110: All versions
- BMXNOR0200H: Versions prior to SV1.70IR26
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
The affected products are vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which could cause information disclosure of restricted web page, modification of web page, and denial of service when specific web pages are modified and restricted functions invoked.
CVE-2024-12142 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
- COUNTRIES/AREAS DEPLOYED: France
- COMPANY HEADQUARTER
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: