cbcvebase.
CVE-2015-7937
published 2015-12-21

CVE-2015-7937: Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute…

PriorityP267critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
7.35%
93.6th percentile
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit is delivered via a long password field in HTTP Basic Authentication headers sent to the GoAhead Web Server on affected Modicon M340 devices; monitor for abnormally long Authorization: Basic header values on port 80.
  • Low-skill remote exploitation is possible with no authentication required (CVSS PR:N, UI:N); any unauthenticated HTTP request with an oversized Basic Auth password to port 80 on affected PLCs should be treated as a high-confidence attack indicator.
  • ·No known public exploits exist for this CVE at time of advisory publication; detections should focus on anomalous HTTP Basic Auth traffic rather than known exploit signatures.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.