CVE-2020-7562

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_tsxety4103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_tsxety4103:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_tsxety5103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_tsxety5103:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_tsxp574634_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_tsxp574634:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_tsxp575634_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_tsxp575634:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_tsxp576634_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_tsxp576634:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140noe77101:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140noe77111:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140noc78100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140noc78100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2010:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noc_0401:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100h:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110h:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmx_nor_0200h:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-18 14:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-7562

Mitre link : CVE-2020-7562

CVE.ORG link : CVE-2020-7562


JSON object : View

Products Affected

schneider-electric

  • modicon_quantum_140cpu65150_firmware
  • modicon_m340_bmx_noe_0110_firmware
  • modicon_tsxety5103
  • modicon_m340_bmx_noc_0401_firmware
  • modicon_quantum_140cpu65150c_firmware
  • modicon_m340_bmx_noe_0110
  • modicon_quantum_140noe77111
  • modicon_tsxp574634_firmware
  • modicon_m340_bmx_p34-2030_firmware
  • modicon_tsxp575634
  • modicon_quantum_140noe77101_firmware
  • modicon_m340_bmx_noe_0100_firmware
  • modicon_m340_bmx_noe_0100
  • modicon_tsxp576634
  • modicon_m340_bmx_noe_0100h
  • modicon_m340_bmx_noe_0110h_firmware
  • modicon_quantum_140noc78100_firmware
  • modicon_m340_bmx_p34-2030
  • modicon_m340_bmx_noe_0110h
  • modicon_quantum_140noe77101
  • modicon_tsxp574634
  • modicon_tsxp575634_firmware
  • modicon_tsxety4103_firmware
  • modicon_m340_bmx_nor_0200h_firmware
  • modicon_m340_bmx_noe_0100h_firmware
  • modicon_quantum_140cpu65150c
  • modicon_quantum_140cpu65160c
  • modicon_m340_bmx_noc_0401
  • modicon_m340_bmx_nor_0200h
  • modicon_quantum_140cpu65160c_firmware
  • modicon_quantum_140cpu65160
  • modicon_m340_bmx_p34-2010_firmware
  • modicon_tsxety4103
  • modicon_m340_bmx_p34-2010
  • modicon_tsxety5103_firmware
  • modicon_quantum_140cpu65160_firmware
  • modicon_quantum_140cpu65150
  • modicon_tsxp576634_firmware
  • modicon_quantum_140noe77111_firmware
  • modicon_quantum_140noc78100
CWE
CWE-125

Out-of-bounds Read