Vulnerability Details CVE-2015-6461
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.5
References
Products affected by CVE-2015-6461
-
cpe:2.3:h:schneider-electric:bmxnoc0401:-
-
cpe:2.3:h:schneider-electric:bmxnoe0100:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110h:-
-
cpe:2.3:h:schneider-electric:bmxnor0200h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-
-
cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-