CVE-2020-7524
HIGHModicon M218 Firmware < 5.0.0.7 - Denial of Service via Crafted IPv4 Packet
Title source: llmDescription
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-224-03/
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
schneider-electric/modicon_m218_firmware
< 5.0.0.7
Published
Aug 31, 2020
Tracked Since
Feb 18, 2026