CVE-2020-7539

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-343-03/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp341000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp341000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp342000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp342000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp3420102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp3420102:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp3420102cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp3420102cl:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp342020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp342020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp3420302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp3420302:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:bmxp3420302cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxp3420302cl:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*

Information

Published : 2020-12-10 17:15

Updated : 2020-12-14 12:53

NVD link : CVE-2020-7539

Mitre link : CVE-2020-7539

JSON object : View

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

Products Affected

schneider-electric

140cpu65150_firmware
bmxp3420102cl
bmxp342000
tsxp575634_firmware
bmxp3420302
140noc77101
bmxp3420102_firmware
140cpu65150
bmxnoe0100
bmxp3420302cl_firmware
tsxp574634_firmware
tsxety4103
140noc78000
bmxnoc0401_firmware
tsxp574634
bmxp341000
bmxp3420102cl_firmware
tsxp576634
tsxety5103
tsxp575634
tsxety4103_firmware
tsxp576634_firmware
bmxp342000_firmware
bmxnoe0110_firmware
bmxp3420102
140noc78000_firmware
140noc77101_firmware
bmxnoe0100_firmware
tsxety5103_firmware
bmxp342020
140noe77111_firmware
bmxnoe0110
140noc78100_firmware
bmxp342020_firmware
140noe77111
bmxp341000_firmware
bmxnoc0401
bmxp3420302_firmware
140noc78100
bmxp3420302cl

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-7539

7.5^/10

5.0^/10

Attach tags to `CVE-2020-7539`