CVE-2014-0754 | Directory traversal vulnerability in SchneiderWEB on Schneid…

Description

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Metadata

CVE ID: CVE-2014-0754
State: PUBLISHED
Assigner: icscert
Reserved: 2014-01-02 00:00 UTC
Published: 2014-10-03 18:00 UTC
Last updated: 2025-08-25 23:45 UTC
Vendor / Product: Schneider Electric / Ethernet modules for M340, Quantum and Premium PLC ranges
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (1)

Vendor	Product	Platform	Versions
Schneider Electric	Ethernet modules for M340, Quantum and Premium PLC ranges	—	140CPU65150, 140CPU65160, 140CPU65260, 140NOC77100 …

Weakness (CWE)

CWE	Source	Description
—	cna	n/a

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (3)