CVE-2013-0663 - OpenCVE

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Modicon M340 Modicon Quantum Plc Modicon Premium

Configuration 1 [-]

OR	cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77101:::::::*
	cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77111:::::::*
	cpe:2.3:h:schneider-electric:modicon_quantum_plc:140nwm10000:::::::*

Configuration 2 [-]

OR	cpe:2.3:h:schneider-electric:modicon_m340:bmxnoc0401:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe011xx:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe0100x:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:schneider-electric:modicon_premium:tsxety4103:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium:tsxety5103:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium:tsxwmy100:::::::*

References

Link	Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf	US Government Resource
http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/	Vendor Advisory
http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper	Vendor Advisory
https://www.exploit-db.com/exploits/44678/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2013-04-04T10:00:00

Updated: 2018-05-23T09:57:01

Reserved: 2012-12-19T00:00:00

Link: CVE-2013-0663

JSON object: View

NVD Information

Status : Modified

Published: 2013-04-04T11:58:48.687

Modified: 2018-05-24T01:29:00.487

Link: CVE-2013-0663

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-23T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "44678", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44678/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper"}, {"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-0663", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "44678", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44678/"}, {"name": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"}, {"name": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper"}, {"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-0663", "datePublished": "2013-04-04T10:00:00", "dateReserved": "2012-12-19T00:00:00", "dateUpdated": "2018-05-23T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77101:*:*:*:*:*:*:*", "matchCriteriaId": "18705050-B954-4AB9-A8D0-BDCB09A9839A", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77111:*:*:*:*:*:*:*", "matchCriteriaId": "56FB594F-638A-4E8B-9072-475E64CDE999", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140nwm10000:*:*:*:*:*:*:*", "matchCriteriaId": "AD53FEBF-FF81-4563-B80C-CE67ABDA233B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoc0401:*:*:*:*:*:*:*", "matchCriteriaId": "00C02342-50B0-4883-9430-9CAB7968081B", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe011xx:*:*:*:*:*:*:*", "matchCriteriaId": "21E85599-1298-4B8C-8255-42D165F905F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe0100x:*:*:*:*:*:*:*", "matchCriteriaId": "1F41B43D-038F-4775-A1BB-486918806E7E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety4103:*:*:*:*:*:*:*", "matchCriteriaId": "FEEA7CF9-59A9-4B40-9E20-F179D40815C9", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety5103:*:*:*:*:*:*:*", "matchCriteriaId": "D7579763-6663-41F7-A162-5FEBA9A9CE70", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxwmy100:*:*:*:*:*:*:*", "matchCriteriaId": "42C34DAA-D856-4E59-A98F-2DF47E600612", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials."}, {"lang": "es", "value": "Vulnerabilidad CSRF en los m\u00f3dulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, y BMXNOE011xx; y Premium TSXETY4103, TSXETY5103, y TSXWMY100 PLC, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para peticiones que ejecutan comandos, como se ha demostrado mediante la modificaci\u00f3n de de peticiones HTTP."}], "id": "CVE-2013-0663", "lastModified": "2018-05-24T01:29:00.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-04-04T11:58:48.687", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.exploit-db.com/exploits/44678/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}