Buffer Overflow Vulnerability in GoAhead Web Server on Schneider Electric Modicon M340 PLC
CVE-2015-7937

Currently unrated

Key Information:

Vendor
CVE Published: 21 December 2015

Summary

A stack-based buffer overflow exists in the GoAhead Web Server used by Schneider Electric's Modicon M340 PLC devices. A remote attacker can trigger it by supplying an excessively long password during HTTP Basic Authentication, potentially leading to arbitrary code execution. The affected models include BMXNOx and BMXPx, so users of these devices should apply security measures and updates to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
