Main Vulnerability Database Vulnerabilities #VU21520

#VU21520 Buffer overflow in Schneider Electric products - CVE-2018-7759

Published: October 3, 2019

Vulnerability identifier: #VU21520

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-7759

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
BMXNOR0200H Ethernet / Serial RTU module
Modicon Quantum
Modicon Premium
Modicon M340

Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to the length of the source string specified (instead of the buffer size) as the number of bytes to be copied. A remote attacker can trigger memory corruption and cause a denial of service condition.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/

#VU21520 Buffer overflow in Schneider Electric products - CVE-2018-7759

Description

Remediation

External links

Please verify you're human