CVE-2020-7524
Last modified
CVE-2020-7524 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M218 Firmware | <= 5.0.0.7 |
References
- https://www.se.com/ww/en/download/document/SEVD-2020-224-03/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-224-03/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7524?
How severe is CVE-2020-7524?
How do I fix CVE-2020-7524?
Are you affected by CVE-2020-7524?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST