Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SCHNEIDER_CVE-2020-7539.NASLHistoryJun 29, 2023 - 12:00 a.m.
Schneider Electric Modicon Improper Check for Unusual or Exceptional Conditions (CVE-2020-7539)
2023-06-2900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
schneider electric
modicon m340
quantum
premium
web server
cwe-754
denial of service
http
tenable.ot
security notification
vulnerability
communication modules
cve-2020-7539
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
42.5%
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501217);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id("CVE-2020-7539");
script_name(english:"Schneider Electric Modicon Improper Check for Unusual or Exceptional Conditions (CVE-2020-7539)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A CWE-754 Improper Check for Unusual or Exceptional Conditions
vulnerability exists in the Web Server on Modicon M340, Legacy Offers
Modicon Quantum and Modicon Premium and associated Communication
Modules (see security notification for affected versions), that could
cause a denial of service vulnerability when a specially crafted
packet is sent to the controller over HTTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-343-03/");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7539");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(754);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140cpu65150_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc77101_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc78000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc78100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noe77111_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoc0401_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoe0100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoe0110_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp341000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp342000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420102_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420102cl_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp342020_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420302_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420302cl_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxety4103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxety5103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp574634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp575634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp576634_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:bmxp341000_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxp342000_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxp3420102_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxp3420102cl_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxp342020_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxp3420302_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxp3420302cl_firmware" :
{"versionEndExcluding" : "3.30", "family" : "ModiconM340"},
"cpe:/o:schneider-electric:bmxnoe0100_firmware" :
{"versionEndExcluding" : "3.3", "family" : "ModiconM340M580CP"},
"cpe:/o:schneider-electric:bmxnoe0110_firmware" :
{"versionEndExcluding" : "6.5", "family" : "ModiconM340M580CP"},
"cpe:/o:schneider-electric:bmxnoc0401_firmware" :
{"versionEndExcluding" : "2.10", "family" : "ModiconM340M580CP"},
"cpe:/o:schneider-electric:tsxp574634_firmware" :
{"versionEndExcluding" : "6.1", "family" : "Premium"},
"cpe:/o:schneider-electric:tsxp575634_firmware" :
{"versionEndExcluding" : "6.1", "family" : "Premium"},
"cpe:/o:schneider-electric:tsxp576634_firmware" :
{"versionEndExcluding" : "6.1", "family" : "Premium"},
"cpe:/o:schneider-electric:tsxety4103_firmware" :
{"versionEndExcluding" : "6.2", "family" : "PremiumCP"},
"cpe:/o:schneider-electric:tsxety5103_firmware" :
{"versionEndExcluding" : "6.4", "family" : "PremiumCP"},
"cpe:/o:schneider-electric:140cpu65150_firmware" :
{"versionEndExcluding" : "6.1", "family" : "QuantumUnity"},
"cpe:/o:schneider-electric:140noe77111_firmware" :
{"versionEndExcluding" : "7.1", "family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:140noc78100_firmware" :
{"versionEndExcluding" : "1.74", "family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:140noc78000_firmware" :
{"versionEndExcluding" : "1.74", "family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:140noc77101_firmware" :
{"versionEndExcluding" : "1.08", "family" : "QuantumUnityCP"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | 140cpu65150_firmware | cpe:/o:schneider-electric:140cpu65150_firmware | |
| schneider-electric | 140noe77111_firmware | cpe:/o:schneider-electric:140noe77111_firmware | |
| schneider-electric | 140noc77101_firmware | cpe:/o:schneider-electric:140noc77101_firmware | |
| schneider-electric | 140noc78000_firmware | cpe:/o:schneider-electric:140noc78000_firmware | |
| schneider-electric | bmxnoc0401_firmware | cpe:/o:schneider-electric:bmxnoc0401_firmware | |
| schneider-electric | bmxnoe0100_firmware | cpe:/o:schneider-electric:bmxnoe0100_firmware | |
| schneider-electric | bmxnoe0110_firmware | cpe:/o:schneider-electric:bmxnoe0110_firmware | |
| schneider-electric | bmxp341000_firmware | cpe:/o:schneider-electric:bmxp341000_firmware | |
| schneider-electric | bmxp342000_firmware | cpe:/o:schneider-electric:bmxp342000_firmware | |
| schneider-electric | bmxp3420102_firmware | cpe:/o:schneider-electric:bmxp3420102_firmware |
Related
cvelist
cvelist
CVE-2020-7539
2020-12-11 00:51:57
cve
cve
CVE-2020-7539
2020-12-11 01:15:12
prion
prion
Design/Logic Flaw
2020-12-11 01:15:00
nvd
nvd
CVE-2020-7539
2020-12-11 01:15:12
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
42.5%
Related for TENABLE_OT_SCHNEIDER_CVE-2020-7539.NASL