PT-2019-7202 · Schneider Electric · Modicon Bmxnoe0110

Aditya K. Sood

Published: 2019-03-21 · Updated: 2024-04-10

CVE-2015-6462

CVSS v2.0: 3.5
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:

Schneider Electric Modicon BMXNOC0401

Schneider Electric Modicon BMXNOE0100

Schneider Electric Modicon BMXNOE0110

Schneider Electric Modicon BMXNOE0110H

Schneider Electric Modicon BMXNOR0200H

Schneider Electric Modicon BMXP342020

Schneider Electric Modicon BMXP342020H

Schneider Electric Modicon BMXP342030

Schneider Electric Modicon BMXP3420302

Schneider Electric Modicon BMXP3420302H

Schneider Electric Modicon BMXP342030H

Description:

The issue allows an attacker to craft a specific URL that contains JavaScript, which will be executed in the browser of a client accessing the PLC. This is a reflected (non-persistent) Cross-Site Scripting issue.

Recommendations:

For each of the affected devices, apply the recommended patch or update from Schneider Electric to resolve the issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2015-6462

Affected Products

Modicon Bmxnoc0401
Modicon Bmxnoe0100
Modicon Bmxnoe0110
Modicon Bmxnor0200
Modicon Bmxp342020
Modicon Bmxp342030
Modicon Bmxp3420302