CVE-2020-7549 — MEDIUM (5.3)

Q: How severe is CVE-2020-7549?

CVE-2020-7549 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7549?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp3420102 Firmware.

Vulnerability Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp341000	-
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp342000	-
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420102	-
Schneider-Electric	Modicon M340 Bmxp3420102Cl Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420102Cl	-
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420302	-
Schneider-Electric	Modicon M340 Bmxp3420302Cl Firmware	< 3.30
Schneider-Electric	Modicon M340 Bmxp3420302Cl	-
Schneider-Electric	Bmxnoe0100 Firmware	< 3.4
Schneider-Electric	Bmxnoe0100	-
Schneider-Electric	Bmxnoe0110 Firmware	< 6.6
Schneider-Electric	Bmxnoe0110	-
Schneider-Electric	Bmxnoc0401 Firmware	All versions
Schneider-Electric	Bmxnoc0401	-

Related Weaknesses (CWE)

CWE-754

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-06/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-343-06/Vendor Advisory

FAQ

What is CVE-2020-7549?

CVE-2020-7549 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication M...

How severe is CVE-2020-7549?

CVE-2020-7549 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7549?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp3420102 Firmware.