CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.
CWE-552: Existe una vulnerabilidad de archivos o directorios accesibles a terceros que puede impedir que el usuario actualice el firmware del dispositivo e impedir el comportamiento adecuado del servidor web cuando se eliminan archivos o directorios específicos del sistema de archivos.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | LOW |
| Availability Impact | LOW |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-552
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| schneider-electric | modicon_m340_firmware | * | <built-in method update of dict object at 0x7f7638bb6ec0> | Operating System |
| schneider-electric | bmxnoe0100_firmware | * | <built-in method update of dict object at 0x7f763069b280> | Operating System |
| schneider-electric | bmxnoe0110_firmware | * | <built-in method update of dict object at 0x7f763a7e1280> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:schneider-electric:modicon_m340:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:schneider-electric:bmxnoe0100:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:schneider-electric:bmxnoe0110:*:*:*:*:*:*:*:* |