Buffer Overflow Vulnerability in Schneider Electric Modicon PLCs
CVE-2018-7759

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M340, Modicon Premium, Modicon Quantum, Bmxnor0200
Vendor: CVE Published:; 18 April 2018

Summary

A buffer overflow vulnerability has been identified in Schneider Electric's Modicon PLCs, including the Modicon M340, Premium, Quantum, and BMXNOR0200 models. This vulnerability arises from the mishandling of source string lengths, allowing more bytes to be copied than the designated buffer can handle, potentially leading to unauthorized access or system instability.

Affected Version(s)

Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200 All Modicon M340, Premium, Quantum PLCs and BMXNOR0200

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Mar 8, 2018