#VU49326 Out-of-bounds read in Schneider Electric products - CVE-2020-7562
Published: November 18, 2020 / Updated: March 30, 2021
Vulnerability identifier: #VU49326
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-7562
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
BMX P34x
BMX NOE 0100 (H)
BMX NOE 0110 (H)
BMX NOC 0401
BMX NOR 0200H
TSXP574634
TSXP575634
TSXP576634
TSXETY4103
TSXETY5103
140CPU65xxxxx
140NOE771x1
140NOC78x00
140NOC77101
BMX P34x
BMX NOE 0100 (H)
BMX NOE 0110 (H)
BMX NOC 0401
BMX NOR 0200H
TSXP574634
TSXP575634
TSXP576634
TSXETY4103
TSXETY5103
140CPU65xxxxx
140NOE771x1
140NOC78x00
140NOC77101
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when uploading a specially crafted file on the controller over FTP. A remote authenticated attacker can trigger out-of-bounds read error and read contents of memory on the system.
This vulnerability affects the following Modicon products:
- M340 CPUs
- BMX P34x, all versions
- M340 Communication Ethernet modules
- BMX NOE 0100 (H), all versions
- BMX NOE 0110 (H), all versions
- BMX NOC 0401, all versions
- BMX NOR 0200H, all versions
- Premium processors with integrated Ethernet COPRO
- TSXP574634, TSXP575634, TSXP576634, all versions
- Premium communication modules
- TSXETY4103, all versions
- TSXETY5103, all versions
- Quantum processors with integrated Ethernet COPRO
- 140CPU65xxxxx, all versions
- Quantum communication modules
- 140NOE771x1, all versions
- 140NOC78x00, all versions
- 140NOC77101, all versions
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.