CVE-2020-7549

MEDIUM

Modicon M340 and Legacy Modicon Firmware - Denial of Service via Crafted HTTP Requests

Title source: llm

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.se.com/ww/en/download/document/SEVD-2020-343-06/

Scores

CVSS v3 5.3

EPSS 0.0052

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-754

Status published

Products (19)

schneider-electric/140cpu65150_firmware

schneider-electric/140noc78000_firmware

schneider-electric/140noc78100_firmware

schneider-electric/140noe77111_firmware < 7.3

schneider-electric/bmxnoc0401_firmware

schneider-electric/bmxnoe0100_firmware < 3.4

schneider-electric/bmxnoe0110_firmware < 6.6

schneider-electric/modicon_m340_bmxp341000_firmware < 3.30

schneider-electric/modicon_m340_bmxp342000_firmware < 3.30

schneider-electric/modicon_m340_bmxp3420102_firmware < 3.30

... and 9 more

Published Dec 11, 2020

Tracked Since Feb 18, 2026