CVE-2020-7524
First published: Mon Aug 31 2020(Updated: )
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon M218 Firmware | <=5.0.0.7 | |
| Schneider-electric Modicon M218 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7524?
CVE-2020-7524 is an Out-of-bounds Write vulnerability that exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) and could cause Denial of Service.
What is the severity of CVE-2020-7524?
The severity of CVE-2020-7524 is high, with a severity value of 7.5.
How does CVE-2020-7524 affect Schneider-electric Modicon M218 Firmware?
CVE-2020-7524 affects Schneider-electric Modicon M218 Firmware versions up to and including 5.0.0.7.
How can CVE-2020-7524 be exploited?
CVE-2020-7524 can be exploited by sending a specific crafted IPv4 packet to the Modicon M218 Logic Controller.
Is Schneider-electric Modicon M218 vulnerable to CVE-2020-7524?
Schneider-electric Modicon M218 is not vulnerable to CVE-2020-7524.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/schneider-electric
- canonical/schneider-electric modicon m218 firmware
- version/schneider-electric modicon m218 firmware/5.0.0.7
- canonical/schneider-electric modicon m218