CVE-2015-7937

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Bmxp3420302; Bmxnoe0110h; Bmxpra0100; Bmxnoc0401
Vendor: CVE Published:; 21 December 2015

Summary

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01

x_refsource_MISC

http://www.securityfocus.com/bid/79622

vdb-entryx_refsource_BID

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_CONFIRM

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 21, 2015
Vulnerability Reserved
Oct 22, 2015