CVE-2015-6461 - OpenCVE

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Bmxnoc0401 Modicon M340 Bmxp342030h Firmware Bmxnoe0100 Bmxnoe0110h Modicon M340 Bmxp3420302 Modicon M340 Bmxp3420302h Firmware Modicon M340 Bmxp342030 Firmware Modicon M340 Bmxp3420302 Firmware Modicon M340 Bmxp342030 Modicon M340 Bmxp342020h Modicon M340 Bmxp342030h Modicon M340 Bmxp342020h Firmware Bmxnoe0110 Firmware Modicon M340 Bmxp342020 Bmxnoe0110h Firmware Bmxnoe0110 Bmxnor0200h Firmware Modicon M340 Bmxp342020 Firmware Modicon M340 Bmxp3420302h Bmxnoe0100 Firmware Bmxnoc0401 Firmware Bmxnor0200h

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02	US Government Resource Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-03-21T18:17:48

Updated: 2019-03-21T18:17:48

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6461

JSON object: View

NVD Information

Status : Modified

Published: 2019-03-21T19:29:00.267

Modified: 2024-04-10T12:28:45.957

Link: CVE-2015-6461

JSON object: View

Redhat Information

No data.

CWE