← Back

CVE-2020-7564

nvd nist
Published: Nov 18, 2020Modified: May 29, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

Affected (20)

Schneider Electric
20 products
Modicon Tsxety4103 Firmware
Modicon Tsxety5103 Firmware
Modicon Tsxp574634 Firmware
Modicon Tsxp575634 Firmware
Modicon Tsxp576634 Firmware
Modicon Quantum 140noe77101 Firmware
Modicon Quantum 140noe77111 Firmware
Modicon Quantum 140noc78100 Firmware
Modicon Quantum 140cpu65150 Firmware
Modicon Quantum 140cpu65150c Firmware
Modicon Quantum 140cpu65160c Firmware
Modicon Quantum 140cpu65160 Firmware
Modicon M340 Bmx P34 2010 Firmware
Modicon M340 Bmx P34 2030 Firmware
Modicon M340 Bmx Noc 0401 Firmware
Modicon M340 Bmx Noe 0100 Firmware
Modicon M340 Bmx Noe 0100h Firmware
Modicon M340 Bmx Noe 0110 Firmware
Modicon M340 Bmx Noe 0110h Firmware
Modicon M340 Bmx Nor 0200h Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Tsxety4103 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Tsxety4103
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Tsxety5103 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Tsxety5103
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Tsxp574634 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Tsxp574634
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Tsxp575634 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Tsxp575634
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Tsxp576634 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Tsxp576634
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140noe77101 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140noe77101
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140noe77111 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140noe77111
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140noc78100 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140noc78100
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140cpu65150 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140cpu65150
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140cpu65150c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140cpu65150c
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140cpu65160c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140cpu65160c
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum 140cpu65160 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum 140cpu65160
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx P34 2010 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx P34 2010
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx P34 2030 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx P34 2030
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx Noc 0401 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx Noc 0401
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx Noe 0100 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx Noe 0100
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx Noe 0100h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx Noe 0100h
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx Noe 0110 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx Noe 0110
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx Noe 0110h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx Noe 0110h
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Bmx Nor 0200h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmx Nor 0200h
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.