Schneider Electric Modicon PLC Remote File Inclusion Vulnerability

Schneider Electric Modicon PLC Remote File Inclusion Vulnerability

CVE-2015-6461 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

Learn more about our Web App Pen Testing.