CVE-2020-7524 — Out-of-bounds Write in Modicon M218 Firmware

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Modicon M218 Firmware

Timeline

PublishedAug 31

Latest updateMay 24

Description

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDschneider-electric/modicon_m218_firmware5.0.0.7

🔴Vulnerability Details

GHSA

GHSA-v479-fx8q-4c3m: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5↗2022-05-24

▶

CVEList

CVE-2020-7524: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5↗2020-08-31

▶