CVE-2020-7536 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-7536?

CVE-2020-7536 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7536?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp3420102 Firmware.

Vulnerability Description

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp341000	-
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp342000	-
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420102	-
Schneider-Electric	Modicon M340 Bmxp3420102Cl Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420102Cl	-
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420302	-
Schneider-Electric	Modicon M340 Bmxp3420302Cl Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420302Cl	-
Schneider-Electric	Bmxnoe0100 Firmware	< 3.4
Schneider-Electric	Bmxnoe0100	-
Schneider-Electric	Bmxnoe0110 Firmware	< 6.6
Schneider-Electric	Bmxnoe0110	-
Schneider-Electric	Bmxnor0200H Firmware	All versions
Schneider-Electric	Bmxnor0200H	-

Related Weaknesses (CWE)

CWE-754

References

https://security.cse.iitk.ac.in/responsible-disclosureVendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/Vendor Advisory
https://security.cse.iitk.ac.in/responsible-disclosureVendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/Vendor Advisory

FAQ

What is CVE-2020-7536?

CVE-2020-7536 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) v...

How severe is CVE-2020-7536?

CVE-2020-7536 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7536?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp3420102 Firmware.