CVE-2013-0663 · CVEKit

cve.orgen

388 chars

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

NVDen

388 chars

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

NVDes

379 chars

Vulnerabilidad CSRF en los módulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, y BMXNOE011xx; y Premium TSXETY4103, TSXETY5103, y TSXWMY100 PLC, permite a atacantes remotos secuestrar la autenticación de los usuarios para peticiones que ejecutan comandos, como se ha demostrado mediante la modificación de de peticiones HTTP.

CVSS metrics across sources

1

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P