Improper Check for Unusual Conditions in Modicon M340 by Schneider Electric
CVE-2020-7536

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M340 Cpus (bmxp34* Versions Prior To V3.30) And Modicon M340 Communication Ethernet Modules (bmxnoe0100 (h) Versions Prior To V3.4, Bmxnoe0110 (h) Versions Prior To V6.6, And Bmxnor0200h All Versions)
Vendor: CVE Published:; 11 December 2020

Summary

A vulnerability exists in Schneider Electric's Modicon M340 series, specifically impacting certain versions of the Modicon M340 CPUs and Communication Ethernet modules. This flaw arises from an improper check for unusual or exceptional conditions, which may render the device unreachable when network parameters are modified via SNMP. Affected users are advised to consult the vendor's documentation and update to the latest versions to mitigate potential risks.

Affected Version(s)

Modicon M340 CPUs (BMXP34* prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) prior to V3.4, BMXNOE0110 (H) prior to V6.6, and BMXNOR0200H all ) Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)

References

https://security.cse.iitk.ac.in/responsible-disclosure

x_refsource_MISC

https://www.se.com/ww/en/download/document/SEVD-2020-343-07/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Jan 21, 2020