HIGH · 8.1

CVE-2020-7562

Vulnerability Description

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon Tsxety4103 Firmware | All versions |
| Schneider-Electric | Modicon Tsxety4103 | - |
| Schneider-Electric | Modicon Tsxety5103 Firmware | All versions |
| Schneider-Electric | Modicon Tsxety5103 | - |
| Schneider-Electric | Modicon Tsxp574634 Firmware | All versions |
| Schneider-Electric | Modicon Tsxp574634 | - |
| Schneider-Electric | Modicon Tsxp575634 Firmware | All versions |
| Schneider-Electric | Modicon Tsxp575634 | - |
| Schneider-Electric | Modicon Tsxp576634 Firmware | All versions |
| Schneider-Electric | Modicon Tsxp576634 | - |
| Schneider-Electric | Modicon Quantum 140Noe77101 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140Noe77101 | - |
| Schneider-Electric | Modicon Quantum 140Noe77111 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140Noe77111 | - |
| Schneider-Electric | Modicon Quantum 140Noc78100 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140Noc78100 | - |
| Schneider-Electric | Modicon Quantum 140Cpu65150 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140Cpu65150 | - |
| Schneider-Electric | Modicon Quantum 140Cpu65150C Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140Cpu65150C | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-7562?

CVE-2020-7562 is a vulnerability with a CVSS score of 8.1 (HIGH). A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) w...

How severe is CVE-2020-7562?

CVE-2020-7562 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-7562?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon Tsxety4103 Firmware, Schneider-Electric Modicon Tsxety4103, Schneider-Electric Modicon Tsxety5103 Firmware, Schneider-Electric Modicon Tsxety5103, Schneider-Electric Modicon Tsxp574634 Firmware.