Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SCHNEIDER_CVE-2020-7562.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Schneider Electric Web Server on Modicon M340 Out-of-Bounds Read (CVE-2020-7562)
2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
schneider electric
modicon m340
out-of-bounds read
vulnerability
cwe-125
web server
segmentation fault
buffer overflow
ftp
tenable.ot
cisa
ics
advisory
exploitability
mitigations
remediation
unitypro
ecostruxure control expert
access control list
network segmentation
firewall
modicon premium
modicon quantum
modicon m580 epac
cybersecurity
end of life
controller
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
8.4
Confidence
High
EPSS
0.001
Percentile
40.5%
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500471);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2020-7562");
script_xref(name:"ICSA", value:"21-005-01");
script_name(english:"Schneider Electric Web Server on Modicon M340 Out-of-Bounds Read (CVE-2020-7562)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server
on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and
their Communication Modules (see notification for details) which could
cause a segmentation fault or a buffer overflow when uploading a
specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-005-01");
script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Schneider Electric is establishing a remediation plan to fix these vulnerabilities in current and future versions of
Modicon PAC controllers. Schneider Electric will update SEVD-2020-315-01 when the remediation is available. Until then,
users should immediately apply the following mitigations to reduce the risk of exploit:
- Disable FTP via UnityPro / Ecostruxure Control Expert. This is disabled by default when a new application is created.
- Configure the access control list via Ecostruxure Control Expert programming tool.
- Set up network segmentation and implement a firewall to block all unauthorized access to Port 21/TCP.
Schneider ElectricΓ’ΒΒs Modicon Premium and Modicon Quantum controllers have reached their end of life and are no longer
commercially available. They have been replaced by the Modicon M580 ePAC controller.
For further information please refer to Modicon Controllers Platform - CyberSecurity, Reference Manual and
SEVD-2020-315-01");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7562");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(125);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety4103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety5103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp574634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp575634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp576634_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_tsxety4103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxety5103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxp574634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp575634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp576634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v2.11"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v1.7.ir23"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Related
cvelist
cvelist
CVE-2020-7562
2020-11-18 13:54:32
cve
cve
CVE-2020-7562
2020-11-18 14:15:12
nessus
nessus
Schneider-electric Modicon Out-of-bounds Read
2021-08-10 00:00:00
prion
prion
Out-of-bounds
2020-11-18 14:15:00
nvd
nvd
CVE-2020-7562
2020-11-18 14:15:12
ics
ics
Schneider Electric Web Server on Modicon M340
2021-01-05 12:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
8.4
Confidence
High
EPSS
0.001
Percentile
40.5%
Related for TENABLE_OT_SCHNEIDER_CVE-2020-7562.NASL