CVE-2020-7542 — Improper Check for Unusual or Exceptional Conditions in Modicon M340 Bmxp341000 Firmware

CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Modicon M340 Bmxp341000 Firmware Schneider-electric Modicon M340 Bmxp342000 Firmware Schneider-electric Modicon M340 Bmxp3420102 Firmware +13 more

Timeline

PublishedDec 11

Latest updateMay 24

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages16 packages

▶NVDschneider-electric/modicon_m340_bmxp341000_firmware< 3.30

▶NVDschneider-electric/modicon_m340_bmxp342000_firmware< 3.30

▶NVDschneider-electric/modicon_m340_bmxp342020_firmware< 3.30

▶NVDschneider-electric/modicon_m580_bmep581020_firmware< 3.20

▶NVDschneider-electric/modicon_m580_bmep582020_firmware< 3.20

🔴Vulnerability Details

GHSA

GHSA-c36c-5h7j-842j: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum↗2022-05-24

▶

CVEList

CVE-2020-7542: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum↗2020-12-11

▶