CVE-2020-7549

MEDIUM

Modicon M340 and Legacy Modicon Firmware - Denial of Service via Crafted HTTP Requests

Title source: llm
STIX 2.1

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.

References (1)

Core 1
Core References

Scores

CVSS v3 5.3
EPSS 0.0106
EPSS Percentile 60.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (20)
None/Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communi
schneider-electric/140cpu65150_firmware
schneider-electric/140noc78000_firmware
schneider-electric/140noc78100_firmware
schneider-electric/140noe77111_firmware < 7.3
schneider-electric/bmxnoc0401_firmware
schneider-electric/bmxnoe0100_firmware < 3.4
schneider-electric/bmxnoe0110_firmware < 6.6
schneider-electric/modicon_m340_bmxp341000_firmware < 3.30
schneider-electric/modicon_m340_bmxp342000_firmware < 3.30
... and 10 more
Published Dec 11, 2020
Tracked Since Feb 18, 2026