Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7562

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

Published

2020-11-18T14:15:12.377

Last Modified

2024-11-21T05:37:22.960

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	modicon_tsxety4103_firmware	*	Yes
Hardware	schneider-electric	modicon_tsxety4103	-	No
Operating System	schneider-electric	modicon_tsxety5103_firmware	*	Yes
Hardware	schneider-electric	modicon_tsxety5103	-	No
Operating System	schneider-electric	modicon_tsxp574634_firmware	*	Yes
Hardware	schneider-electric	modicon_tsxp574634	-	No
Operating System	schneider-electric	modicon_tsxp575634_firmware	*	Yes
Hardware	schneider-electric	modicon_tsxp575634	-	No
Operating System	schneider-electric	modicon_tsxp576634_firmware	*	Yes
Hardware	schneider-electric	modicon_tsxp576634	-	No
Operating System	schneider-electric	modicon_quantum_140noe77101_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140noe77101	-	No
Operating System	schneider-electric	modicon_quantum_140noe77111_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140noe77111	-	No
Operating System	schneider-electric	modicon_quantum_140noc78100_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140noc78100	-	No
Operating System	schneider-electric	modicon_quantum_140cpu65150_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140cpu65150	-	No
Operating System	schneider-electric	modicon_quantum_140cpu65150c_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140cpu65150c	-	No
Operating System	schneider-electric	modicon_quantum_140cpu65160c_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140cpu65160c	-	No
Operating System	schneider-electric	modicon_quantum_140cpu65160_firmware	*	Yes
Hardware	schneider-electric	modicon_quantum_140cpu65160	-	No
Operating System	schneider-electric	modicon_m340_bmx_p34-2010_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_p34-2010	-	No
Operating System	schneider-electric	modicon_m340_bmx_p34-2030_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_p34-2030	-	No
Operating System	schneider-electric	modicon_m340_bmx_noc_0401_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_noc_0401	-	No
Operating System	schneider-electric	modicon_m340_bmx_noe_0100_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_noe_0100	-	No
Operating System	schneider-electric	modicon_m340_bmx_noe_0100h_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_noe_0100h	-	No
Operating System	schneider-electric	modicon_m340_bmx_noe_0110_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_noe_0110	-	No
Operating System	schneider-electric	modicon_m340_bmx_noe_0110h_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_noe_0110h	-	No
Operating System	schneider-electric	modicon_m340_bmx_nor_0200h_firmware	*	Yes
Hardware	schneider-electric	modicon_m340_bmx_nor_0200h	-	No

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-01/ Vendor Advisory ([email protected])
https://www.se.com/ww/en/download/document/SEVD-2020-315-01/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)