#VU49332 Buffer overflow in Schneider Electric products - CVE-2020-7564
Published: January 7, 2021
Vulnerability identifier: #VU49332
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-7564
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
BMX P34x
BMX NOE 0100 (H)
BMX NOE 0110 (H)
BMX NOC 0401
BMX NOR 0200H
TSXP574634
TSXP575634
TSXP576634
TSXETY4103
TSXETY5103
140CPU65xxxxx
140NOE771x1
140NOC78x00
140NOC77101
BMX P34x
BMX NOE 0100 (H)
BMX NOE 0110 (H)
BMX NOC 0401
BMX NOR 0200H
TSXP574634
TSXP575634
TSXP576634
TSXETY4103
TSXETY5103
140CPU65xxxxx
140NOE771x1
140NOC78x00
140NOC77101
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when uploading a specially crafted file on the controller over FTP. A remote authenticated attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects the following Modicon products:
- M340 CPUs
- BMX P34x, all versions
- M340 Communication Ethernet modules
- BMX NOE 0100 (H), all versions
- BMX NOE 0110 (H), all versions
- BMX NOC 0401, all versions
- BMX NOR 0200H, all versions
- Premium processors with integrated Ethernet COPRO
- TSXP574634, TSXP575634, TSXP576634, all versions
- Premium communication modules
- TSXETY4103, all versions
- TSXETY5103, all versions
- Quantum processors with integrated Ethernet COPRO
- 140CPU65xxxxx, all versions
- Quantum communication modules
- 140NOE771x1, all versions
- 140NOC78x00, all versions
- 140NOC77101, all versions
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.