// For flags

CVE-2020-7564

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

CWE-120: Una vulnerabilidad de Copia de búfer sin Comprobar el Tamaño de la Entrada ("Classic Buffer Overflow") se presenta en el Servidor Web de unas ofertas de Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (véase la notificación para más detalles) que podría causar acceso de escritura y una ejecución de comandos al cargar un archivo especialmente diseñado en el controlador por medio de FTP

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2020-11-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxety4103 Firmware
Search vendor "Schneider-electric" for product "Modicon Tsxety4103 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxety4103
Search vendor "Schneider-electric" for product "Modicon Tsxety4103"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxety5103 Firmware
Search vendor "Schneider-electric" for product "Modicon Tsxety5103 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxety5103
Search vendor "Schneider-electric" for product "Modicon Tsxety5103"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxp574634 Firmware
Search vendor "Schneider-electric" for product "Modicon Tsxp574634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxp574634
Search vendor "Schneider-electric" for product "Modicon Tsxp574634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxp575634 Firmware
Search vendor "Schneider-electric" for product "Modicon Tsxp575634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxp575634
Search vendor "Schneider-electric" for product "Modicon Tsxp575634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxp576634 Firmware
Search vendor "Schneider-electric" for product "Modicon Tsxp576634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Tsxp576634
Search vendor "Schneider-electric" for product "Modicon Tsxp576634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140noe77101 Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140noe77101 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140noe77101
Search vendor "Schneider-electric" for product "Modicon Quantum 140noe77101"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140noe77111 Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140noe77111 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140noe77111
Search vendor "Schneider-electric" for product "Modicon Quantum 140noe77111"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140noc78100 Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140noc78100 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140noc78100
Search vendor "Schneider-electric" for product "Modicon Quantum 140noc78100"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65150 Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65150 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65150
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65150"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65150c Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65150c Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65150c
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65150c"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65160c Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65160c Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65160c
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65160c"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65160 Firmware
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65160 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon Quantum 140cpu65160
Search vendor "Schneider-electric" for product "Modicon Quantum 140cpu65160"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx P34-2010 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx P34-2010 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx P34-2010
Search vendor "Schneider-electric" for product "Modicon M340 Bmx P34-2010"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx P34-2030 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx P34-2030 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx P34-2030
Search vendor "Schneider-electric" for product "Modicon M340 Bmx P34-2030"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noc 0401 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noc 0401 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noc 0401
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noc 0401"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0100 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0100 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0100
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0100"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0100h Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0100h Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0100h
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0100h"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0110 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0110 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0110
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0110"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0110h Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0110h Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Noe 0110h
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Noe 0110h"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Nor 0200h Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Nor 0200h Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmx Nor 0200h
Search vendor "Schneider-electric" for product "Modicon M340 Bmx Nor 0200h"
--
Safe