Buffer overflow in Schneider-electric Bmxnoc0401
CVE-2015-7937
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
Vulnerability class: Buffer Overflow
EPSS: 0.074 (93.6th percentile)
Affected products
- Schneider-electric Bmxnoc0401
- Schneider-electric Bmxnoe0100
- Schneider-electric Bmxnoe0100h
- Schneider-electric Bmxnoe0110
- Schneider-electric Bmxnoe0110h
- Schneider-electric Bmxnor0200
- Schneider-electric Bmxnor0200h
- Schneider-electric Bmxpra0100
- Schneider-electric Modicon_m340_bmxp342020
- Schneider-electric Modicon_m340_bmxp342020h
Weakness classification (CWE)