Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SCHNEIDER_CVE-2020-7564.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Schneider Electric Web Server on Modicon M340 Buffer Copy Without Checking Size of Input (CVE-2020-7564)
2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.6%
A CWE-120: Buffer Copy without Checking Size of Input (βClassic Buffer Overflowβ) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500546);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id("CVE-2020-7564");
script_name(english:"Schneider Electric Web Server on Modicon M340 Buffer Copy Without Checking Size of Input (CVE-2020-7564)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') vulnerability exists in the Web Server on Modicon M340,
Modicon Quantum and Modicon Premium Legacy offers and their
Communication Modules (see notification for details) which could cause
write access and the execution of commands when uploading a specially
crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-005-01");
script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Schneider Electric is establishing a remediation plan to fix these vulnerabilities in current and future versions of
Modicon PAC controllers. Schneider Electric will update SEVD-2020-315-01 when the remediation is available. Until then,
users should immediately apply the following mitigations to reduce the risk of exploit:
- Disable FTP via UnityPro / Ecostruxure Control Expert. This is disabled by default when a new application is created.
- Configure the access control list via Ecostruxure Control Expert programming tool.
- Set up network segmentation and implement a firewall to block all unauthorized access to Port 21/TCP.
Schneider ElectricΓ’ΒΒs Modicon Premium and Modicon Quantum controllers have reached their end of life and are no longer
commercially available. They have been replaced by the Modicon M580 ePAC controller.
For further information please refer to Modicon Controllers Platform - CyberSecurity, Reference Manual and
SEVD-2020-315-01");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7564");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety4103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety5103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp574634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp575634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp576634_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_tsxety4103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxety5103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxp574634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp575634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp576634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v2.11"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v1.7.ir23"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | modicon_m340_bmx_noc_0401_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware | |
| schneider-electric | modicon_m340_bmx_noe_0100_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware | |
| schneider-electric | modicon_m340_bmx_noe_0100h_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware | |
| schneider-electric | modicon_m340_bmx_noe_0110_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware | |
| schneider-electric | modicon_m340_bmx_noe_0110h_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware | |
| schneider-electric | modicon_m340_bmx_nor_0200h_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware | |
| schneider-electric | modicon_m340_bmx_p34-2010_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware | |
| schneider-electric | modicon_m340_bmx_p34-2030_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware | |
| schneider-electric | modicon_quantum_140cpu65150_firmware | cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware | |
| schneider-electric | modicon_quantum_140cpu65150c_firmware | cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware |
Related
cvelist
cvelist
CVE-2020-7564
2020-11-18 13:51:16
nvd
nvd
CVE-2020-7564
2020-11-18 14:15:13
cve
cve
CVE-2020-7564
2020-11-18 14:15:13
prion
prion
Buffer overflow
2020-11-18 14:15:00
ics
ics
Schneider Electric Web Server on Modicon M340
2021-01-05 12:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.6%
Related for TENABLE_OT_SCHNEIDER_CVE-2020-7564.NASL