CNVD-2018-25428 — Vulnetix

CNVD-2018-25428 PUBLISHED

Schneider Electric Modicon M340等都是法国施耐德电气（Schneider Electric）公司的可编程逻辑控制器产品。多款Schneider Electric产品中的嵌入式web服务器存在跨站脚本漏洞，远程攻击者可借助特制的URL利用该漏洞在用户的浏览器中执行JavaScript代码。

Affected Products

Vendor	Product	Versions
	Schneider Electric BMXNOR0200
	Schneider Electric Modicon M340
	Schneider Electric Premium
	Schneider Electric Quantum PLCs

Timeline

Nov 29, 2018 CVE ID Reserved
Dec 14, 2018 CVE Published

References

https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/ url

Open in Interactive Console →