First published: Wed Nov 18 2020(Updated: )
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Modicon Tsxety4103 Firmware | ||
Schneider-electric Modicon Tsxety4103 | ||
Schneider-electric Modicon Tsxety5103 Firmware | ||
Schneider-electric Modicon Tsxety5103 | ||
Schneider-electric Modicon Tsxp574634 Firmware | ||
Schneider-electric Modicon Tsxp574634 | ||
Schneider-electric Modicon Tsxp575634 Firmware | ||
Schneider-electric Modicon Tsxp575634 | ||
Schneider-electric Modicon Tsxp576634 Firmware | ||
Schneider-electric Modicon Tsxp576634 | ||
Schneider-electric Modicon Quantum 140noe77101 Firmware | ||
Schneider-electric Modicon Quantum 140noe77101 | ||
Schneider-electric Modicon Quantum 140noe77111 Firmware | ||
Schneider-electric Modicon Quantum 140noe77111 | ||
Schneider-electric Modicon Quantum 140noc78100 Firmware | ||
Schneider-electric Modicon Quantum 140noc78100 | ||
Schneider-electric Modicon Quantum 140cpu65150 Firmware | ||
Schneider-electric Modicon Quantum 140cpu65150 | ||
Schneider-electric Modicon Quantum 140cpu65150c Firmware | ||
Schneider-electric Modicon Quantum 140cpu65150c | ||
Schneider-electric Modicon Quantum 140cpu65160c Firmware | ||
Schneider-electric Modicon Quantum 140cpu65160c | ||
Schneider-electric Modicon Quantum 140cpu65160 Firmware | ||
Schneider-electric Modicon Quantum 140cpu65160 | ||
Schneider-electric Modicon M340 Bmx P34-2010 Firmware | ||
Schneider-electric Modicon M340 Bmx P34-2010 | ||
Schneider-electric Modicon M340 Bmx P34-2030 Firmware | ||
Schneider-electric Modicon M340 Bmx P34-2030 | ||
Schneider-electric Modicon M340 Bmx Noc 0401 Firmware | ||
Schneider-electric Modicon M340 Bmx Noc 0401 | ||
Schneider-electric Modicon M340 Bmx Noe 0100 Firmware | ||
Schneider-electric Modicon M340 Bmx Noe 0100 | ||
Schneider-electric Modicon M340 Bmx Noe 0100h Firmware | ||
Schneider-electric Modicon M340 Bmx Noe 0100h | ||
Schneider-electric Modicon M340 Bmx Noe 0110 Firmware | ||
Schneider-electric Modicon M340 Bmx Noe 0110 | ||
Schneider-electric Modicon M340 Bmx Noe 0110h Firmware | ||
Schneider-electric Modicon M340 Bmx Noe 0110h | ||
Schneider-electric Modicon M340 Bmx Nor 0200h Firmware | ||
Schneider-electric Modicon M340 Bmx Nor 0200h |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2020-7562.
The severity of CVE-2020-7562 is high (8.1).
The affected software for CVE-2020-7562 includes Schneider-electric Modicon TSXETY4103, Modicon TSXETY5103, Modicon TSXP574634, Modicon TSXP575634, Modicon TSXP576634, Modicon Quantum 140NOE77101, Modicon Quantum 140NOE77111, Modicon Quantum 140NOC78100, Modicon Quantum 140CPU65150, Modicon Quantum 140CPU65150C, Modicon Quantum 140CPU65160C, Modicon Quantum 140CPU65160, Modicon M340 BMX P34-2010, Modicon M340 BMX P34-2030, Modicon M340 BMX NOC 0401, Modicon M340 BMX NOE 0100, Modicon M340 BMX NOE 0100H, Modicon M340 BMX NOE 0110, Modicon M340 BMX NOE 0110H, Modicon M340 BMX NOR 0200H.
The CWE ID for this vulnerability is CWE-125.
To fix CVE-2020-7562, it is recommended to follow the guidance provided by the vendor and apply any available patches or updates to the affected software.