Lucene search

K
cve[email protected]CVE-2020-7564
HistoryNov 18, 2020 - 2:15 p.m.

CVE-2020-7564

2020-11-1814:15:13
CWE-120
web.nvd.nist.gov
32
cve-2020-7564
cwe-120
buffer overflow
modicon m340
modicon quantum
modicon premium
ftp
web server
command execution

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

Affected configurations

NVD
Node
schneider-electricmodicon_tsxety4103_firmware
AND
schneider-electricmodicon_tsxety4103Match-
Node
schneider-electricmodicon_tsxety5103_firmware
AND
schneider-electricmodicon_tsxety5103Match-
Node
schneider-electricmodicon_tsxp574634_firmware
AND
schneider-electricmodicon_tsxp574634Match-
Node
schneider-electricmodicon_tsxp575634_firmware
AND
schneider-electricmodicon_tsxp575634Match-
Node
schneider-electricmodicon_tsxp576634_firmware
AND
schneider-electricmodicon_tsxp576634Match-
Node
schneider-electricmodicon_quantum_140noe77101_firmware
AND
schneider-electricmodicon_quantum_140noe77101Match-
Node
schneider-electricmodicon_quantum_140noe77111_firmware
AND
schneider-electricmodicon_quantum_140noe77111Match-
Node
schneider-electricmodicon_quantum_140noc78100_firmware
AND
schneider-electricmodicon_quantum_140noc78100Match-
Node
schneider-electricmodicon_quantum_140cpu65150_firmware
AND
schneider-electricmodicon_quantum_140cpu65150Match-
Node
schneider-electricmodicon_quantum_140cpu65150c_firmware
AND
schneider-electricmodicon_quantum_140cpu65150cMatch-
Node
schneider-electricmodicon_quantum_140cpu65160c_firmware
AND
schneider-electricmodicon_quantum_140cpu65160cMatch-
Node
schneider-electricmodicon_quantum_140cpu65160_firmware
AND
schneider-electricmodicon_quantum_140cpu65160Match-
Node
schneider-electricmodicon_m340_bmx_p34-2010_firmware
AND
schneider-electricmodicon_m340_bmx_p34-2010Match-
Node
schneider-electricmodicon_m340_bmx_p34-2030_firmware
AND
schneider-electricmodicon_m340_bmx_p34-2030Match-
Node
schneider-electricmodicon_m340_bmx_noc_0401_firmware
AND
schneider-electricmodicon_m340_bmx_noc_0401Match-
Node
schneider-electricmodicon_m340_bmx_noe_0100_firmware
AND
schneider-electricmodicon_m340_bmx_noe_0100Match-
Node
schneider-electricmodicon_m340_bmx_noe_0100h_firmware
AND
schneider-electricmodicon_m340_bmx_noe_0100hMatch-
Node
schneider-electricmodicon_m340_bmx_noe_0110_firmware
AND
schneider-electricmodicon_m340_bmx_noe_0110Match-
Node
schneider-electricmodicon_m340_bmx_noe_0110h_firmware
AND
schneider-electricmodicon_m340_bmx_noe_0110hMatch-
Node
schneider-electricmodicon_m340_bmx_nor_0200h_firmware
AND
schneider-electricmodicon_m340_bmx_nor_0200hMatch-

CNA Affected

[
  {
    "product": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)"
      }
    ]
  }
]

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

Related for CVE-2020-7564