CVE-2020-7539

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-343-03/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*

History

10 Apr 2024, 12:28

Type	Values Removed	Values Added
First Time		Schneider-electric modicon M340 Bmxp3420102 Firmware Schneider-electric modicon M340 Bmxp342000 Firmware Schneider-electric modicon M340 Bmxp342000 Schneider-electric modicon M340 Bmxp341000 Firmware Schneider-electric modicon M340 Bmxp3420302cl Schneider-electric modicon M340 Bmxp342020 Schneider-electric modicon M340 Bmxp341000 Schneider-electric modicon M340 Bmxp3420102cl Schneider-electric modicon M340 Bmxp342020 Firmware Schneider-electric modicon M340 Bmxp3420302cl Firmware Schneider-electric modicon M340 Bmxp3420102 Schneider-electric modicon M340 Bmxp3420102cl Firmware Schneider-electric modicon M340 Bmxp3420302 Schneider-electric modicon M340 Bmxp3420302 Firmware
CPE	cpe:2.3:h:schneider-electric:bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:bmxp342000:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420302cl_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420102:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420102_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp3420102cl_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp3420302_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp342000_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp342020_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp341000:-:::::::* cpe:2.3:o:schneider-electric:bmxp341000_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420102cl:-:::::::* cpe:2.3:h:schneider-electric:bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302:-:::::::*	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::*

Information

Published : 2020-12-11 01:15

Updated : 2024-04-10 12:28

NVD link : CVE-2020-7539

Mitre link : CVE-2020-7539

CVE.ORG link : CVE-2020-7539

JSON object : View

Products Affected

schneider-electric

tsxp574634
tsxety4103_firmware
tsxp575634_firmware
tsxp574634_firmware
modicon_m340_bmxp3420102cl_firmware
140noc78000
modicon_m340_bmxp342020
modicon_m340_bmxp341000
modicon_m340_bmxp3420302_firmware
140noc78100_firmware
140noe77111_firmware
bmxnoe0110
modicon_m340_bmxp3420102_firmware
tsxp576634
modicon_m340_bmxp3420302
modicon_m340_bmxp3420302cl
modicon_m340_bmxp3420102cl
modicon_m340_bmxp3420302cl_firmware
modicon_m340_bmxp3420102
140noc77101
modicon_m340_bmxp342000_firmware
bmxnoc0401_firmware
modicon_m340_bmxp342000
140cpu65150_firmware
tsxp575634
tsxety4103
140noc78100
140noc77101_firmware
tsxety5103_firmware
bmxnoe0100
140noc78000_firmware
bmxnoc0401
tsxp576634_firmware
tsxety5103
bmxnoe0100_firmware
140cpu65150
bmxnoe0110_firmware
modicon_m340_bmxp342020_firmware
140noe77111
modicon_m340_bmxp341000_firmware

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-7539

7.5^/10

5.0^/10

Attach tags to `CVE-2020-7539`