Buffer overflow in Schneider Electric products - CVE-2018-7759
Published: October 3, 2019
Vulnerability identifier: #VU21520
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-7759
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
BMXNOR0200H Ethernet / Serial RTU module
Modicon Quantum
Modicon Premium
Modicon M340
BMXNOR0200H Ethernet / Serial RTU module
Modicon Quantum
Modicon Premium
Modicon M340
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to the length of the source string specified (instead of the buffer size) as the number of bytes to be copied. A remote attacker can trigger memory corruption and cause a denial of service condition.
How to mitigate CVE-2018-7759
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.