CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.5%
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500471);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2020-7562");
script_xref(name:"ICSA", value:"21-005-01");
script_name(english:"Schneider Electric Web Server on Modicon M340 Out-of-Bounds Read (CVE-2020-7562)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server
on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and
their Communication Modules (see notification for details) which could
cause a segmentation fault or a buffer overflow when uploading a
specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-005-01");
script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Schneider Electric is establishing a remediation plan to fix these vulnerabilities in current and future versions of
Modicon PAC controllers. Schneider Electric will update SEVD-2020-315-01 when the remediation is available. Until then,
users should immediately apply the following mitigations to reduce the risk of exploit:
- Disable FTP via UnityPro / Ecostruxure Control Expert. This is disabled by default when a new application is created.
- Configure the access control list via Ecostruxure Control Expert programming tool.
- Set up network segmentation and implement a firewall to block all unauthorized access to Port 21/TCP.
Schneider ElectricΓ’ΒΒs Modicon Premium and Modicon Quantum controllers have reached their end of life and are no longer
commercially available. They have been replaced by the Modicon M580 ePAC controller.
For further information please refer to Modicon Controllers Platform - CyberSecurity, Reference Manual and
SEVD-2020-315-01");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7562");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(125);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety4103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety5103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp574634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp575634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp576634_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_tsxety4103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxety5103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxp574634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp575634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp576634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v2.11"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v1.7.ir23"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.5%