Schneider-electric Modicon Out-of-bounds Read

2021-08-1000:00:00

www.tenable.com

0.001 Low

EPSS

Percentile

40.6%

JSON

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

File data ot_500471.nasl

VendorProductVersionCPE
schneider-electricmodicon_quantum_140noe77101_firmware*cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_quantum_140noe77111_firmware*cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noc_0401_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0100_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0100h_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0110_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0110h_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_nor_0200h_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_p34-2010_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_p34-2030_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_quantum_140noe77101_firmware	*	cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware::::::::
schneider-electric	modicon_quantum_140noe77111_firmware	*	cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware::::::::
schneider-electric	modicon_m340_bmx_noc_0401_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0100_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0100h_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0110_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0110h_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware::::::::
schneider-electric	modicon_m340_bmx_nor_0200h_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware::::::::
schneider-electric	modicon_m340_bmx_p34-2010_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware::::::::
schneider-electric	modicon_m340_bmx_p34-2030_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware::::::::