CVE-2015-6461

CVE-2015-6461

Vendor N/A
Product Schneider Electric Modicon PLC
Weakness CWE-98 · PHP file inclusion
Published March 21, 2019
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

Key dates

02Disclosure timeline

March 21, 2019 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-60044 WordPress Fribbo theme <= 1.1.0 - Local File Inclusion vulnerability CVE-2025-49278 WordPress Blogty theme <= 1.0.11 - Local File Inclusion Vulnerability CVE-2024-35629 WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability CVE-2025-47438 WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability CVE-2025-67521 WordPress Select Core plugin < 2.6 - Local File Inclusion vulnerability