Vulnerability identifier: #VU49332
Vulnerability risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
BMX P34x
Hardware solutions /
Firmware
BMX NOE 0100 (H)
Hardware solutions /
Firmware
BMX NOE 0110 (H)
Hardware solutions /
Firmware
BMX NOC 0401
Hardware solutions /
Firmware
BMX NOR 0200H
Hardware solutions /
Firmware
TSXP574634
Hardware solutions /
Firmware
TSXP575634
Hardware solutions /
Firmware
TSXP576634
Hardware solutions /
Firmware
TSXETY4103
Hardware solutions /
Firmware
TSXETY5103
Hardware solutions /
Firmware
140CPU65xxxxx
Hardware solutions /
Firmware
140NOE771x1
Hardware solutions /
Firmware
140NOC78x00
Hardware solutions /
Firmware
140NOC77101
Hardware solutions /
Firmware
Vendor: Schneider Electric
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when uploading a specially crafted file on the controller over FTP. A remote authenticated attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects the following Modicon products:
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
BMX P34x: All versions
BMX NOE 0100 (H): All versions
BMX NOE 0110 (H): All versions
BMX NOC 0401: All versions
BMX NOR 0200H: All versions
TSXP574634: All versions
TSXP575634: All versions
TSXP576634: All versions
TSXETY4103: All versions
TSXETY5103: All versions
140CPU65xxxxx: All versions
140NOE771x1: All versions
140NOC78x00: All versions
140NOC77101: All versions
External links
http://www.se.com/ww/en/download/document/SEVD-2020-315-01/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.