CVE-2020-7539

HIGH

Modicon M340 BMXP34 Firmware < 3.30 - Denial of Service via HTTP Packet

Title source: llm

Description

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.se.com/ww/en/download/document/SEVD-2020-343-03/

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 60.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-754

Status published

Products (20)

schneider-electric/140cpu65150_firmware < 6.1

schneider-electric/140noc77101_firmware < 1.08

schneider-electric/140noc78000_firmware < 1.74

schneider-electric/140noc78100_firmware < 1.74

schneider-electric/140noe77111_firmware < 7.1

schneider-electric/bmxnoc0401_firmware < 2.10

schneider-electric/bmxnoe0100_firmware < 3.3

schneider-electric/bmxnoe0110_firmware < 6.5

schneider-electric/modicon_m340_bmxp341000_firmware < 3.30

schneider-electric/modicon_m340_bmxp342000_firmware < 3.30

... and 10 more

Published Dec 11, 2020

Tracked Since Feb 18, 2026