CVE-2020-7549

MEDIUM | CVSS 5.3/10 | EPSS 1.02%

CVE-2020-7549 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. EPSS estimates a 1.02% chance of exploitation in the next 30 days.

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
1.02%

59.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor              Product                               Versions
Schneider-Electric  Modicon M340 Bmxp341000 Firmware      < 3.30
Schneider-Electric  Modicon M340 Bmxp342000 Firmware      < 3.30
Schneider-Electric  Modicon M340 Bmxp3420102 Firmware     < 3.30
Schneider-Electric  Modicon M340 Bmxp3420102cl Firmware   < 3.30
Schneider-Electric  Modicon M340 Bmxp342020 Firmware      < 3.30
Schneider-Electric  Modicon M340 Bmxp3420302 Firmware     < 3.30
Schneider-Electric  Modicon M340 Bmxp3420302cl Firmware   < 3.30
Schneider-Electric  Bmxnoe0100 Firmware                   < 3.4
Schneider-Electric  Bmxnoe0110 Firmware                   < 6.6
Schneider-Electric  Bmxnoc0401 Firmware                   All versions
Schneider-Electric  140noe77111 Firmware                  < 7.3
Schneider-Electric  140noc78100 Firmware                  All versions
Schneider-Electric  140noc78000 Firmware                  All versions
Schneider-Electric  140cpu65150 Firmware                  All versions
Schneider-Electric  Tsxety4103 Firmware                   All versions
Schneider-Electric  Tsxety5103 Firmware                   All versions
Schneider-Electric  Tsxp574634 Firmware                   All versions
Schneider-Electric  Tsxp575634 Firmware                   All versions
Schneider-Electric  Tsxp576634 Firmware                   All versions

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-7549?
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
How severe is CVE-2020-7549?
CVE-2020-7549 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 1.02% probability of exploitation in the next 30 days.
How do I fix CVE-2020-7549?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST