CVE-2020-7537
published 2020-12-11CVE-2020-7537: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum &…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | modicon_m340_bmxp341000_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m340_bmxp342000_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m340_bmxp3420102_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m340_bmxp3420102cl_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m340_bmxp342020_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m340_bmxp3420302_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m340_bmxp3420302cl_firmware | < 3.30 | 3.30 |
| schneider-electric | modicon_m580_bmep581020_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep582020_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep582040_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep583020_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep583040_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep584020_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep584040_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep585040_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmep586040_firmware | < 3.20 | 3.20 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH