Improper Condition Check Vulnerability in Modicon Controllers by Schneider Electric
CVE-2020-7542

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)
Vendor: CVE Published:; 11 December 2020

Summary

A vulnerability exists in Schneider Electric's Modicon controllers, including models M580, M340, Quantum, and Premium, due to inadequate checks for exceptional conditions. When an attacker sends a specially crafted Read Physical Memory request over the Modbus protocol, it may lead to a denial of service, disrupting operations and potentially impacting the availability of the affected controllers.

Affected Version(s)

Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected ) Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-08/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Jan 21, 2020