CVE-2014-0754

Name of the Vulnerable Software and Affected Versions Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec versions prior to 5.5 Schneider Electric Modicon PLC Ethernet modules 140NOC78x Exec versions prior to 1.62 Schneider Electric Modicon PLC Ethernet modules 140NOE77x Exec versions prior to 6.2 Schneider Electric Modicon PLC Ethernet modules BMXNOC0401 versions prior to 2.05 Schneider Electric Modicon PLC Ethernet modules BMXNOE0100 versions prior to 2.9 Schneider Electric Modicon PLC Ethernet modules BMXNOE0110x Exec versions prior to 6.0 Schneider Electric Modicon PLC Ethernet modules TSXETC101 Exec versions prior to 2.04 Schneider Electric Modicon PLC Ethernet modules TSXETY4103x Exec versions prior to 5.7 Schneider Electric Modicon PLC Ethernet modules TSXETY5103x Exec versions prior to 5.9 Schneider Electric Modicon PLC Ethernet modules TSXP57x ETYPort Exec versions prior to 5.7 Schneider Electric Modicon PLC Ethernet modules TSXP57x Ethernet Copro Exec versions prior to 5.5

Description A directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Recommendations For 140CPU65x Exec versions prior to 5.5, update to version 5.5 or later. For 140NOC78x Exec versions prior to 1.62, update to version 1.62 or later. For 140NOE77x Exec versions prior to 6.2, update to version 6.2 or later. For BMXNOC0401 versions prior to 2.05, update to version 2.05 or later. For BMXNOE0100 versions prior to 2.9, update to version 2.9 or later. For BMXNOE0110x Exec versions prior to 6.0, update to version 6.0 or later. For TSXETC101 Exec versions prior to 2.04, update to version 2.04 or later. For TSXETY4103x Exec versions prior to 5.7, update to version 5.7 or later. For TSXETY5103x Exec versions prior to 5.9, update to version 5.9 or later. For TSXP57x ETYPort Exec versions prior to 5.7, update to version 5.7 or later. For TSXP57x Ethernet Copro Exec versions prior to 5.5, update to version 5.5 or later.