CVE-2020-7524

Published: Aug 31, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.

Affected (1)

Products: Schneider Electric: Modicon M218 Firmware

Schneider Electric

1 product

Modicon M218 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M218 Firmware	Up to 5.0.0.7

Running on/with	Platform Versions
Schneider Electric Modicon M218	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2020-224-03/

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2020-224-03/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.