Schneider-electric Modicon Out-of-bounds Write

2021-08-1000:00:00

www.tenable.com

0.001 Low

EPSS

Percentile

42.8%

JSON

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.

File data ot_500396.nasl

VendorProductVersionCPE
schneider-electricmodicon_quantum_140noe77101_firmware*cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_quantum_140noe77111_firmware*cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noc_0401_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0100_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0100h_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0110_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_noe_0110h_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_nor_0200h_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_p34-2010_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmx_p34-2030_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_quantum_140noe77101_firmware	*	cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware::::::::
schneider-electric	modicon_quantum_140noe77111_firmware	*	cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware::::::::
schneider-electric	modicon_m340_bmx_noc_0401_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0100_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0100h_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0110_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware::::::::
schneider-electric	modicon_m340_bmx_noe_0110h_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware::::::::
schneider-electric	modicon_m340_bmx_nor_0200h_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware::::::::
schneider-electric	modicon_m340_bmx_p34-2010_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware::::::::
schneider-electric	modicon_m340_bmx_p34-2030_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware::::::::