Vulnerability Details CVE-2015-7937
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01
- http://www.securityfocus.com/bid/79622
- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01
- http://www.securityfocus.com/bid/79622
- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01
Products affected by CVE-2015-7937
-
cpe:2.3:h:schneider-electric:bmxnoc0401:-
-
cpe:2.3:h:schneider-electric:bmxnoe0100:-
-
cpe:2.3:h:schneider-electric:bmxnoe0100h:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110h:-
-
cpe:2.3:h:schneider-electric:bmxnor0200:-
-
cpe:2.3:h:schneider-electric:bmxnor0200h:-
-
cpe:2.3:h:schneider-electric:bmxpra0100:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-