Details of VAR-202108-2562

ID

VAR-202108-2562

TITLE

Schneider Modicon PAC controller has industrial control equipment vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-57335

DESCRIPTION

Schneider Electric M340 is a mid-range PAC industrial process and infrastructure control. Schneider Electric M340 has vulnerabilities in industrial control equipment. Attackers can use the vulnerabilities to remotely obtain the backdoor password, use the password to connect to the password-protected controller, and perform various sensitive operations, such as stopping and running.

Trust: 0.6

sources: CNVD: CNVD-2021-57335

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57335

AFFECTED PRODUCTS

vendor:

schneider

model:

electric m340 v15.0-sp1-201706c

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-57335

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-57335
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-57335
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-57335

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-57335

Trust: 0.6

sources: CNVD: CNVD-2021-57335

SOURCES

db:

CNVD

id:

CNVD-2021-57335

LAST UPDATE DATE

2022-05-04T10:10:29.645000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-57335

date:

2021-08-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-57335

date:

2021-08-30T00:00:00