Denial of Service Vulnerability in Modicon Controllers by Schneider Electric
CVE-2020-7543

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)
Vendor: CVE Published:; 11 December 2020

Summary

A vulnerability exists within Modicon controllers produced by Schneider Electric that can lead to a denial of service condition. This occurs when a specially crafted Read Physical Memory request is sent over the Modbus protocol to the affected controllers. Such exploitation may disrupt the regular operations of the devices, posing a risk to the stability and security of the control system. It is critical for users of Modicon M580, M340, Quantum, and Premium controllers to update their systems and apply necessary mitigations as per the latest security advisories.

Affected Version(s)

Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected ) Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-08/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Jan 21, 2020