CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Primary | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| CWE-287 | Primary | cybersecurity@se.com |
| NVD-CWE-noinfo | Secondary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice | cybersecurity@se.com | N/A |
| https://www.se.com/ww/en/download/document/SEVD-2020-287-01/ | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |