Denial of Service Vulnerability in Schneider Electric Quantum Ethernet Network Module
CVE-2020-7477

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon Quantum Ethernet Network Module And Quantum / Premium Copro (quantum Ethernet Network Module 140noe771x1, Versions 7.0 And Prior, Quantum Processors With Integrated Ethernet – 140cpu65xxxxx, All Versions, Premium Processors With Integrated Ethernet, All Versions)
Vendor: CVE Published:; 23 March 2020

Summary

A vulnerability exists in Schneider Electric’s Quantum Ethernet Network module and integrated processors, which may lead to a Denial of Service. By sending specially crafted commands over Modbus, an attacker could exploit this weakness, causing disruptions in the operation of affected devices. This flaw affects various versions of the Quantum Ethernet Network module as well as multiple processor series, highlighting the need for urgent security assessments and patches.

Affected Version(s)

Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all , Premium processors with integrated Ethernet, all ) Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-070-02/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Jan 21, 2020