Description
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/
Scores
CVSS v3
7.5
EPSS
0.0082
EPSS Percentile
74.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (50)
schneider-electric/140cpu31110_firmware
schneider-electric/140cpu31110c_firmware
schneider-electric/140cpu43412u_firmware
schneider-electric/140cpu43412uc_firmware
schneider-electric/140cpu65150_firmware
schneider-electric/140cpu65150c_firmware
schneider-electric/140cpu65160_firmware
schneider-electric/140cpu65160c_firmware
schneider-electric/140cpu65160s_firmware
schneider-electric/140cpu65260_firmware
... and 40 more
Published
Apr 18, 2018
Tracked Since
Feb 18, 2026