CVE-2020-7536

CWE-7543 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Bmxnoe0100 Firmware Schneider-electric Bmxnoe0110 Firmware Schneider-electric Modicon M340 Bmxp341000 Firmware +6 more

Timeline

PublishedDec 11

Latest updateMay 24

Description

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDschneider-electric/modicon_m340_bmxp341000_firmware< 3.30

▶NVDschneider-electric/modicon_m340_bmxp342000_firmware< 3.30

▶NVDschneider-electric/modicon_m340_bmxp342020_firmware< 3.30

▶NVDschneider-electric/modicon_m340_bmxp3420102_firmware< 3.30

▶NVDschneider-electric/modicon_m340_bmxp3420302_firmware< 3.30

🔴Vulnerability Details

GHSA

GHSA-7f68-748r-v7xr: A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3↗2022-05-24

▶

CVEList

CVE-2020-7536: A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3↗2020-12-11

▶