CVE-2020-7539 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-7539?

CVE-2020-7539 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7539?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp3420102 Firmware.

Vulnerability Description

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp341000	-
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp342000	-
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420102	-
Schneider-Electric	Modicon M340 Bmxp3420102Cl Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420102Cl	-
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420302	-
Schneider-Electric	Modicon M340 Bmxp3420302Cl Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420302Cl	-
Schneider-Electric	Bmxnoe0100 Firmware	< 3.3
Schneider-Electric	Bmxnoe0100	-
Schneider-Electric	Bmxnoe0110 Firmware	< 6.5
Schneider-Electric	Bmxnoe0110	-
Schneider-Electric	Bmxnoc0401 Firmware	< 2.10
Schneider-Electric	Bmxnoc0401	-

Related Weaknesses (CWE)

CWE-754

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-03/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-343-03/Vendor Advisory

FAQ

What is CVE-2020-7539?

CVE-2020-7539 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Mo...

How severe is CVE-2020-7539?

CVE-2020-7539 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7539?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp3420102 Firmware.