6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.8%
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500396);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2020-7563");
script_name(english:"Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server
on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and
their Communication Modules (see notification for details) which could
cause corruption of data, a crash, or code execution when uploading a
specially crafted file on the controller over FTP.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-005-01");
script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Schneider Electric is establishing a remediation plan to fix these vulnerabilities in current and future versions of
Modicon PAC controllers. Schneider Electric will update SEVD-2020-315-01 when the remediation is available. Until then,
users should immediately apply the following mitigations to reduce the risk of exploit:
- Disable FTP via UnityPro / Ecostruxure Control Expert. This is disabled by default when a new application is created.
- Configure the access control list via Ecostruxure Control Expert programming tool.
- Set up network segmentation and implement a firewall to block all unauthorized access to Port 21/TCP.
Schneider ElectricΓ’ΒΒs Modicon Premium and Modicon Quantum controllers have reached their end of life and are no longer
commercially available. They have been replaced by the Modicon M580 ePAC controller.
For further information please refer to Modicon Controllers Platform - CyberSecurity, Reference Manual and
SEVD-2020-315-01");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7563");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(787);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety4103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxety5103_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp574634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp575634_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_tsxp576634_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_tsxety4103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxety5103_firmware" :
{"family" : "PremiumCP"},
"cpe:/o:schneider-electric:modicon_tsxp574634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp575634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_tsxp576634_firmware" :
{"family" : "Premium"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77101_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noe77111_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140noc78100_firmware" :
{"family" : "QuantumUnityCP"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160c_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_quantum_140cpu65160_firmware" :
{"family" : "QuantumUnity"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware" :
{"family" : "ModiconM340", "versionEndExcluding" : "3.40"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v2.11"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv03.50"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "sv06.70"},
"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware" :
{"family" : "ModiconM340M580CP", "versionEndExcluding" : "v1.7.ir23"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | modicon_m340_bmx_noc_0401_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware | |
schneider-electric | modicon_m340_bmx_noe_0100_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware | |
schneider-electric | modicon_m340_bmx_noe_0100h_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware | |
schneider-electric | modicon_m340_bmx_noe_0110_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware | |
schneider-electric | modicon_m340_bmx_noe_0110h_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware | |
schneider-electric | modicon_m340_bmx_nor_0200h_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware | |
schneider-electric | modicon_m340_bmx_p34-2010_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware | |
schneider-electric | modicon_m340_bmx_p34-2030_firmware | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware | |
schneider-electric | modicon_quantum_140cpu65150_firmware | cpe:/o:schneider-electric:modicon_quantum_140cpu65150_firmware | |
schneider-electric | modicon_quantum_140cpu65150c_firmware | cpe:/o:schneider-electric:modicon_quantum_140cpu65150c_firmware |
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.8%