CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.5%
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | modicon_tsxety4103_firmware | * | cpe:2.3:o:schneider-electric:modicon_tsxety4103_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxety4103 | - | cpe:2.3:h:schneider-electric:modicon_tsxety4103:-:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxety5103_firmware | * | cpe:2.3:o:schneider-electric:modicon_tsxety5103_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxety5103 | - | cpe:2.3:h:schneider-electric:modicon_tsxety5103:-:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxp574634_firmware | * | cpe:2.3:o:schneider-electric:modicon_tsxp574634_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxp574634 | - | cpe:2.3:h:schneider-electric:modicon_tsxp574634:-:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxp575634_firmware | * | cpe:2.3:o:schneider-electric:modicon_tsxp575634_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxp575634 | - | cpe:2.3:h:schneider-electric:modicon_tsxp575634:-:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxp576634_firmware | * | cpe:2.3:o:schneider-electric:modicon_tsxp576634_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicon_tsxp576634 | - | cpe:2.3:h:schneider-electric:modicon_tsxp576634:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.5%