Buffer overflow in Schneider-electric Modicon_m340_bmx_noc_0401
CVE-2020-7564
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification f…
Vulnerability class: Buffer Overflow
EPSS: 0.011 (61.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Schneider-electric Modicon_m340_bmx_noc_0401
- Schneider-electric Modicon_m340_bmx_noc_0401_firmware
- Schneider-electric Modicon_m340_bmx_noe_0100
- Schneider-electric Modicon_m340_bmx_noe_0100_firmware
- Schneider-electric Modicon_m340_bmx_noe_0100h
- Schneider-electric Modicon_m340_bmx_noe_0100h_firmware
- Schneider-electric Modicon_m340_bmx_noe_0110
- Schneider-electric Modicon_m340_bmx_noe_0110_firmware
- Schneider-electric Modicon_m340_bmx_noe_0110h
- Schneider-electric Modicon_m340_bmx_noe_0110h_firmware
Weakness classification (CWE)
References
- cybersecurity@se.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-7564?
- CVE-2020-7564 is a high-severity vulnerability in Schneider-electric Modicon_m340_bmx_noc_0401, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.8/10. Published 2020-11-18.
- How severe is CVE-2020-7564?
- High severity. CVSS v3 base score is 8.8 out of 10.