Vulnerability identifier: #VU11291
Vulnerability risk: High
CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID:
CWE-ID: CWE-121
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Modicon X80 RTU (Hardware solutions / Firmware)
Modicon M340 (Hardware solutions / Firmware)
Modicon Quantum (Hardware solutions / Firmware)
Modicon Premium (Hardware solutions / Firmware)
Vendor: Schneider Electric
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists because the FTP server does not limit the length of a command parameter. A remote attacker can supply specially crafted parameters, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Mitigation
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Vulnerable software versions
Modicon X80 RTU: All versions
Modicon M340: All versions
Modicon Quantum: All versions
Modicon Premium: All versions
External links
http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960143...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.