Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7536

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

Published

2020-12-11T01:15:12.190

Last Modified

2024-11-21T05:37:20.047

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-754

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	modicon_m340_bmxp341000_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp341000	-	No
Operating System	schneider-electric	modicon_m340_bmxp342000_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp342000	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420102_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420102	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420102cl_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420102cl	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302cl_firmware	< 3.30	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302cl	-	No
Operating System	schneider-electric	bmxnoe0100_firmware	< 3.4	Yes
Hardware	schneider-electric	bmxnoe0100	-	No
Operating System	schneider-electric	bmxnoe0110_firmware	< 6.6	Yes
Hardware	schneider-electric	bmxnoe0110	-	No
Operating System	schneider-electric	bmxnor0200h_firmware	*	Yes
Hardware	schneider-electric	bmxnor0200h	-	No

References

https://security.cse.iitk.ac.in/responsible-disclosure Vendor Advisory ([email protected])
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/ Vendor Advisory ([email protected])
https://security.cse.iitk.ac.in/responsible-disclosure Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)