CVE-2015-6462 - OpenCVE

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Bmxnoc0401 Modicon M340 Bmxp342030h Firmware Bmxnoe0100 Bmxnoe0110h Modicon M340 Bmxp3420302 Modicon M340 Bmxp3420302h Firmware Modicon M340 Bmxp342030 Firmware Modicon M340 Bmxp3420302 Firmware Modicon M340 Bmxp342030 Modicon M340 Bmxp342020h Modicon M340 Bmxp342030h Modicon M340 Bmxp342020h Firmware Bmxnoe0110 Firmware Modicon M340 Bmxp342020 Bmxnoe0110h Firmware Bmxnoe0110 Bmxnor0200h Firmware Modicon M340 Bmxp342020 Firmware Modicon M340 Bmxp3420302h Bmxnoe0100 Firmware Bmxnoc0401 Firmware Bmxnor0200h

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02	US Government Resource Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-03-21T18:44:47

Updated: 2019-03-21T18:44:47

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6462

JSON object: View

NVD Information

Status : Modified

Published: 2019-03-21T19:29:00.317

Modified: 2024-04-10T12:28:45.957

Link: CVE-2015-6462

JSON object: View

Redhat Information

No data.

CWE

CWE-79