← Back

CVE-2015-7937

nvd nist
Published: Dec 21, 2015Modified: May 6, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

Affected (13)

Schneider Electric
13 products
Bmxnoc0401
Bmxnoe0100
Bmxnoe0100h
Bmxnoe0110
Bmxnoe0110h
Bmxnor0200
Bmxnor0200h
Bmxpra0100
Modicon M340 Bmxp342020
Modicon M340 Bmxp342020h
Modicon M340 Bmxp342030
Modicon M340 Bmxp3420302
Modicon M340 Bmxp3420302h
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Bmxnoc0401
All versions
Bmxnoe0100
All versions
Bmxnoe0100h
All versions
Bmxnoe0110
All versions
Bmxnoe0110h
All versions
Bmxnor0200
All versions
Bmxnor0200h
All versions
Bmxpra0100
All versions
Modicon M340 Bmxp342020
All versions
Modicon M340 Bmxp342020h
All versions
Modicon M340 Bmxp342030
All versions
Modicon M340 Bmxp3420302
All versions
Modicon M340 Bmxp3420302h
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.