Vulnerability Details CVE-2020-7562
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.4%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
References
Products affected by CVE-2020-7562
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noc_0401:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_nor_0200h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2010:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140noc78100:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140noe77101:-
-
cpe:2.3:h:schneider-electric:modicon_quantum_140noe77111:-
-
cpe:2.3:h:schneider-electric:modicon_tsxety4103:-
-
cpe:2.3:h:schneider-electric:modicon_tsxety5103:-
-
cpe:2.3:h:schneider-electric:modicon_tsxp574634:-
-
cpe:2.3:h:schneider-electric:modicon_tsxp575634:-
-
cpe:2.3:h:schneider-electric:modicon_tsxp576634:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140noc78100_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:6.9
-
cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:6.9
-
cpe:2.3:o:schneider-electric:modicon_tsxety4103_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_tsxety5103_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_tsxp574634_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_tsxp575634_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_tsxp576634_firmware:-