Buffer overflow in Schneider-electric Modicon_m340_bmx_noc_0401

CVE-2020-7564

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification f…

Vulnerability class: Buffer Overflow

EPSS: 0.011 (61.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-7564?
CVE-2020-7564 is a high-severity vulnerability in Schneider-electric Modicon_m340_bmx_noc_0401, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.8/10. Published 2020-11-18.
How severe is CVE-2020-7564?
High severity. CVSS v3 base score is 8.8 out of 10.