Nov 18, 2020 - 2:15 p.m.

CVE-2020-7562

2020-11-18 14:15:12
CWE-125
web.nvd.nist.gov
cve-2020-7562
cwe-125
out-of-bounds read
modicon m340
modicon quantum
modicon premium
web server
ftp

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score: 8.2 High (Confidence: High)

CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

EPSS: 0.001 Low (Percentile: 40.5%)

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

Affected configurations

NVD
Node: schneider-electric modicon_tsxety4103_firmware AND schneider-electric modicon_tsxety4103 (Match: -)
Node: schneider-electric modicon_tsxety5103_firmware AND schneider-electric modicon_tsxety5103 (Match: -)
Node: schneider-electric modicon_tsxp574634_firmware AND schneider-electric modicon_tsxp574634 (Match: -)
Node: schneider-electric modicon_tsxp575634_firmware AND schneider-electric modicon_tsxp575634 (Match: -)
Node: schneider-electric modicon_tsxp576634_firmware AND schneider-electric modicon_tsxp576634 (Match: -)
Node: schneider-electric modicon_quantum_140noe77101_firmware AND schneider-electric modicon_quantum_140noe77101 (Match: -)
Node: schneider-electric modicon_quantum_140noe77111_firmware AND schneider-electric modicon_quantum_140noe77111 (Match: -)
Node: schneider-electric modicon_quantum_140noc78100_firmware AND schneider-electric modicon_quantum_140noc78100 (Match: -)
Node: schneider-electric modicon_quantum_140cpu65150_firmware AND schneider-electric modicon_quantum_140cpu65150 (Match: -)
Node: schneider-electric modicon_quantum_140cpu65150c_firmware AND schneider-electric modicon_quantum_140cpu65150c (Match: -)
Node: schneider-electric modicon_quantum_140cpu65160c_firmware AND schneider-electric modicon_quantum_140cpu65160c (Match: -)
Node: schneider-electric modicon_quantum_140cpu65160_firmware AND schneider-electric modicon_quantum_140cpu65160 (Match: -)
Node: schneider-electric modicon_m340_bmx_p34-2010_firmware AND schneider-electric modicon_m340_bmx_p34-2010 (Match: -)
Node: schneider-electric modicon_m340_bmx_p34-2030_firmware AND schneider-electric modicon_m340_bmx_p34-2030 (Match: -)
Node: schneider-electric modicon_m340_bmx_noc_0401_firmware AND schneider-electric modicon_m340_bmx_noc_0401 (Match: -)
Node: schneider-electric modicon_m340_bmx_noe_0100_firmware AND schneider-electric modicon_m340_bmx_noe_0100 (Match: -)
Node: schneider-electric modicon_m340_bmx_noe_0100h_firmware AND schneider-electric modicon_m340_bmx_noe_0100h (Match: -)
Node: schneider-electric modicon_m340_bmx_noe_0110_firmware AND schneider-electric modicon_m340_bmx_noe_0110 (Match: -)
Node: schneider-electric modicon_m340_bmx_noe_0110h_firmware AND schneider-electric modicon_m340_bmx_noe_0110h (Match: -)
Node: schneider-electric modicon_m340_bmx_nor_0200h_firmware AND schneider-electric modicon_m340_bmx_nor_0200h (Match: -)

CNA Affected

[
  {
    "product": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)"
      }
    ]
  }
]
