← Back to home

ICSA-14-273-01 · Published 2025-06-06 · View on CISA ICS-CERT ↗

SchneiderWEB Server Directory Traversal Vulnerability

CVSS 10.0 CRITICAL

CVEs (1)

CVE-2014-0754

Remediations

Please see Schneider Electric’s vulnerability disclosure SEVD-2014-260-01 Schneider Electric Vulnerability Disclosure – Modicon Ethernet Comm Modules - SEVD-2014-260-01 - (http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01). for more detailed information on which product part numbers are affected, as well as the complete list of which devices have released firmware updates available.
This vulnerability disclosure can be downloaded at the following URL: (http://www.schneider-electric.com/ww/en/download/)
Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to download the vulnerability disclosure. This URL site can also be used to download firmware updates identified in the vulnerability disclosure.
Schneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices: Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL. Disable Port 80 (HTTP) on modules where it is possible. Block Port 80 in firewalls to these devices, except for trusted devices.
Please contact Schneider Electric Customer Care Center for more information.

Affected Vendors

Schneider Electric

Affected Products (66)

Schneider Electric · SchneiderWEB web HMI 140CPU65150

Schneider Electric · SchneiderWEB web HMI 171CCC96020

Schneider Electric · SchneiderWEB web HMI BMXP3420302H

Schneider Electric · SchneiderWEB web HMI TSXP572623M

Schneider Electric · SchneiderWEB web HMI TSXP572634M

Schneider Electric · SchneiderWEB web HMI 140CPU65160

Schneider Electric · SchneiderWEB web HMI 171CCC96020C

Schneider Electric · SchneiderWEB web HMI BMXP342030H

Schneider Electric · SchneiderWEB web HMI TSXP572623MC

Schneider Electric · SchneiderWEB web HMI TSXP573634M

Schneider Electric · SchneiderWEB web HMI 140CPU65260

Schneider Electric · SchneiderWEB web HMI 171CCC96030

Schneider Electric · SchneiderWEB web HMI BMXPRMxxxx

Schneider Electric · SchneiderWEB web HMI TSXP572823M

Schneider Electric · SchneiderWEB web HMI 140NOC77100

Schneider Electric · SchneiderWEB web HMI 171CCC96030C

Schneider Electric · SchneiderWEB web HMI STBNIC2212

Schneider Electric · SchneiderWEB web HMI TSXP572823MC

Schneider Electric · SchneiderWEB web HMI 140NOC78000

Schneider Electric · SchneiderWEB web HMI 171CCC98020

Schneider Electric · SchneiderWEB web HMI STBNIP2212

Schneider Electric · SchneiderWEB web HMI TSXP573623AM

Schneider Electric · SchneiderWEB web HMI 140NOC78100

Schneider Electric · SchneiderWEB web HMI 171CCC98030

Schneider Electric · SchneiderWEB web HMI TSXETC0101

Schneider Electric · SchneiderWEB web HMI TSXP573623M

Schneider Electric · SchneiderWEB web HMI 140NOE77100

Schneider Electric · SchneiderWEB web HMI BMXNOC0401

Schneider Electric · SchneiderWEB web HMI TSXETC100

Schneider Electric · SchneiderWEB web HMI TSXP573623MC

Schneider Electric · SchneiderWEB web HMI 140NOE77101

Schneider Electric · SchneiderWEB web HMI BMXNOC0402

Schneider Electric · SchneiderWEB web HMI TSXETY110WS

Schneider Electric · SchneiderWEB web HMI TSXP574634M

Schneider Electric · SchneiderWEB web HMI 140NOE77101C

Schneider Electric · SchneiderWEB web HMI BMXNOE0100

Schneider Electric · SchneiderWEB web HMI TSXETY110WSC

Schneider Electric · SchneiderWEB web HMI TSXP574823AM

Schneider Electric · SchneiderWEB web HMI 140NOE77110

Schneider Electric · SchneiderWEB web HMI BMXNOE0110

Schneider Electric · SchneiderWEB web HMI TSXETY4103

Schneider Electric · SchneiderWEB web HMI TSXP574823M

Schneider Electric · SchneiderWEB web HMI 140NOE77111

Schneider Electric · SchneiderWEB web HMI BMXNOE0110H

Schneider Electric · SchneiderWEB web HMI TSXETY4103C

Schneider Electric · SchneiderWEB web HMI TSXP574823MC

Schneider Electric · SchneiderWEB web HMI 140NOE77111C

Schneider Electric · SchneiderWEB web HMI BMXNOR0200H

Schneider Electric · SchneiderWEB web HMI TSXETY5103

Schneider Electric · SchneiderWEB web HMI TSXP575634M

Schneider Electric · SchneiderWEB web HMI 140NWM10000

Schneider Electric · SchneiderWEB web HMI BMXP342020

Schneider Electric · SchneiderWEB web HMI TSXETY5103C

Schneider Electric · SchneiderWEB web HMI TSXP576634M

Schneider Electric · SchneiderWEB web HMI 170ENT11001

Schneider Electric · SchneiderWEB web HMI BMXP342020H

Schneider Electric · SchneiderWEB web HMI TSXETZ410

Schneider Electric · SchneiderWEB web HMI TSXWMY100

Schneider Electric · SchneiderWEB web HMI 170ENT11002

Schneider Electric · SchneiderWEB web HMI BMXP342030

Schneider Electric · SchneiderWEB web HMI TSXETZ510

Schneider Electric · SchneiderWEB web HMI TSXWMY100C

Schneider Electric · SchneiderWEB web HMI 170ENT11002C

Schneider Electric · SchneiderWEB web HMI BMXP3420302

Schneider Electric · SchneiderWEB web HMI TSXNTP100

Schneider Electric · SchneiderWEB web HMI TSXP571634M

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more