CVE-2015-6462

Name of the Vulnerable Software and Affected Versions Schneider Electric Modicon BMXNOC0401 Schneider Electric Modicon BMXNOE0100 Schneider Electric Modicon BMXNOE0110 Schneider Electric Modicon BMXNOE0110H Schneider Electric Modicon BMXNOR0200H Schneider Electric Modicon BMXP342020 Schneider Electric Modicon BMXP342020H Schneider Electric Modicon BMXP342030 Schneider Electric Modicon BMXP3420302 Schneider Electric Modicon BMXP3420302H Schneider Electric Modicon BMXP342030H

Description The issue allows an attacker to craft a specific URL that contains JavaScript, which will be executed on the client browser of the PLC. This is a Reflected Cross-Site Scripting (nonpersistent) issue.

Recommendations For each of the affected devices, apply the recommended patch or update from Schneider Electric to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.