CVE-2020-7549
MEDIUMModicon M340 and Legacy Modicon Firmware - Denial of Service via Crafted HTTP Requests
Title source: llmDescription
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.se.com/ww/en/download/document/SEVD-2020-343-06/
Scores
CVSS v3
5.3
EPSS
0.0106
EPSS Percentile
60.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (20)
None/Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communi
schneider-electric/140cpu65150_firmware
schneider-electric/140noc78000_firmware
schneider-electric/140noc78100_firmware
schneider-electric/140noe77111_firmware
< 7.3
schneider-electric/bmxnoc0401_firmware
schneider-electric/bmxnoe0100_firmware
< 3.4
schneider-electric/bmxnoe0110_firmware
< 6.6
schneider-electric/modicon_m340_bmxp341000_firmware
< 3.30
schneider-electric/modicon_m340_bmxp342000_firmware
< 3.30
... and 10 more
Published
Dec 11, 2020
Tracked Since
Feb 18, 2026