CVE-2020-7562: Buffer Overflow
First published: Wed Nov 18 2020(Updated: )
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| schneider-electric Modicon tsxety4103 | ||
| schneider-electric Modicon TSXETY4103 Firmware | ||
| Schneider Electric Modicon TSXETY5103 Firmware | ||
| Schneider Electric Modicon TSXETY5103 Firmware | ||
| Schneider Electric Modicon TSXP574634 Firmware | ||
| Schneider Electric Modicon TSXP574634 Firmware | ||
| Modicon TSXP575634 | ||
| Modicon TSXP575634 | ||
| Schneider Electric Modicon TSXP576634 | ||
| schneider-electric Modicon tsxp576634 firmware | ||
| Schneider Electric Modicon Quantum Firmware | ||
| Schneider-electric Quantum Ethernet Module 140noe77101 | ||
| schneider-electric Modicon Quantum 140noe77111 firmware | ||
| Modicon Quantum 140NOE77111 | ||
| Modicon Quantum 140noc78100 | ||
| Modicon Quantum 140noc78100 | ||
| Schneider Electric Modicon Quantum Firmware | ||
| schneider-electric Modicon Quantum 140cpu65150 firmware | ||
| Schneider Electric Modicon Quantum 140CPU65160C Firmware | ||
| schneider-electric Modicon Quantum 140cpu65150c firmware | ||
| schneider-electric Modicon Quantum 140cpu65160c | ||
| Schneider Electric Modicon Quantum 140CPU65160C Firmware | ||
| schneider-electric Modicon Quantum 140cpu65160 firmware | ||
| schneider-electric Modicon Quantum 140cpu65160c | ||
| Schneider Electric Modicon M340 Firmware | ||
| Modicon M340 | ||
| Schneider Electric Modicon M340 BMX P34-2030 Firmware | ||
| Schneider Electric Modicon M340 | ||
| schneider-electric Modicon M340 | ||
| Schneider Electric Modicon M340 BMXNOC0401 | ||
| Schneider Electric Modicon M340 BMX NOE 0100 Firmware | ||
| Schneider Electric Modicon M340 BMX NOE 0100 Firmware | ||
| Schneider Electric Modicon M340 BMX NOE 0100H Firmware | ||
| Schneider Electric Modicon M340 BMX NOE 0100H Firmware | ||
| schneider-electric Modicon M340 | ||
| Schneider Electric Modicon M340 BMX NOE 0110H | ||
| Schneider Electric Modicon M340 BMX NOE 0110H Firmware | ||
| Schneider Electric Modicon M340 BMX NOE 0110H | ||
| Schneider Electric Modicon M340 BMX NOR 0200H Firmware | ||
| Schneider Electric Modicon M340 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-7562.
What is the severity of CVE-2020-7562?
The severity of CVE-2020-7562 is high (8.1).
What is the affected software for CVE-2020-7562?
The affected software for CVE-2020-7562 includes Schneider-electric Modicon TSXETY4103, Modicon TSXETY5103, Modicon TSXP574634, Modicon TSXP575634, Modicon TSXP576634, Modicon Quantum 140NOE77101, Modicon Quantum 140NOE77111, Modicon Quantum 140NOC78100, Modicon Quantum 140CPU65150, Modicon Quantum 140CPU65150C, Modicon Quantum 140CPU65160C, Modicon Quantum 140CPU65160, Modicon M340 BMX P34-2010, Modicon M340 BMX P34-2030, Modicon M340 BMX NOC 0401, Modicon M340 BMX NOE 0100, Modicon M340 BMX NOE 0100H, Modicon M340 BMX NOE 0110, Modicon M340 BMX NOE 0110H, Modicon M340 BMX NOR 0200H.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-125.
How can I fix CVE-2020-7562?
To fix CVE-2020-7562, it is recommended to follow the guidance provided by the vendor and apply any available patches or updates to the affected software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric modicon tsxety4103
- canonical/schneider-electric modicon tsxety4103 firmware
- canonical/schneider electric modicon tsxety5103 firmware
- canonical/schneider electric modicon tsxp574634 firmware
- canonical/modicon tsxp575634
- canonical/schneider electric modicon tsxp576634
- canonical/schneider-electric modicon tsxp576634 firmware
- canonical/schneider electric modicon quantum firmware
- canonical/schneider-electric quantum ethernet module 140noe77101
- canonical/schneider-electric modicon quantum 140noe77111 firmware
- canonical/modicon quantum 140noe77111
- canonical/modicon quantum 140noc78100
- canonical/schneider-electric modicon quantum 140cpu65150 firmware
- canonical/schneider electric modicon quantum 140cpu65160c firmware
- canonical/schneider-electric modicon quantum 140cpu65150c firmware
- canonical/schneider-electric modicon quantum 140cpu65160c
- canonical/schneider-electric modicon quantum 140cpu65160 firmware
- canonical/schneider electric modicon m340 firmware
- canonical/modicon m340
- canonical/schneider electric modicon m340 bmx p34-2030 firmware
- canonical/schneider electric modicon m340
- canonical/schneider-electric modicon m340
- canonical/schneider electric modicon m340 bmxnoc0401
- canonical/schneider electric modicon m340 bmx noe 0100 firmware
- canonical/schneider electric modicon m340 bmx noe 0100h firmware
- canonical/schneider electric modicon m340 bmx noe 0110h
- canonical/schneider electric modicon m340 bmx noe 0110h firmware
- canonical/schneider electric modicon m340 bmx nor 0200h firmware