Sign-up

ID

VAR-202012-1384


CVE

CVE-2020-7549


TITLE

plural  Schneider Electric  Product Exceptional Status Check Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014322

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. plural Schneider Electric The product contains a vulnerability related to checking for exceptional conditions.Denial of service (DoS) It may be put into a state. Schneider Electric Modicon M340 is a medium-range PLC (Programmable Logic Controller) of French Schneider Electric (Schneider Electric) for industrial processes and infrastructure. Schneider Electric Modicon M340 has a code issue vulnerability. Attackers can use the vulnerability to make HTTP and FTP services deny when a request for preparation is sent to the controller via HTTP

Trust: 2.16

sources: NVD: CVE-2020-7549 // JVNDB: JVNDB-2020-014322 // CNVD: CNVD-2021-46283

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-46283

AFFECTED PRODUCTS

vendor:schneider electricmodel:bmxnoe0110scope:ltversion:6.6

Trust: 1.0

vendor:schneider electricmodel:140cpu65150scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:tsxety4103scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:tsxety5103scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420102scope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420302scope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:tsxp575634scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp342020scope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp341000scope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:bmxnoe0100scope:ltversion:3.4

Trust: 1.0

vendor:schneider electricmodel:tsxp576634scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420102clscope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:140noc78100scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140noc78000scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420302clscope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:bmxnoc0401scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140noe77111scope:ltversion:7.3

Trust: 1.0

vendor:schneider electricmodel:tsxp574634scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp342000scope:ltversion:3.30

Trust: 1.0

vendor:schneider electricmodel:bmxnoc0401scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxnoe0110scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp3420102scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp3420302clscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp3420102clscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp342020scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp342000scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp341000scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp3420302scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxnoe0100scope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon m340scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-46283 // JVNDB: JVNDB-2020-014322 // NVD: CVE-2020-7549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7549
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-7549
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-46283
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202012-939
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-7549
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-46283
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7549
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-7549
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-46283 // JVNDB: JVNDB-2020-014322 // CNNVD: CNNVD-202012-939 // NVD: CVE-2020-7549

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.0

problemtype:Improper checking in exceptional conditions (CWE-754) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014322 // NVD: CVE-2020-7549

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-939

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-939

PATCH

title:SEVD-2020-343-06url:https://www.se.com/ww/en/download/document/SEVD-2020-343-06/

Trust: 0.8

title:Patch for Schneider Electric Modicon M340 code issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/276471

Trust: 0.6

title:Schneider Electric Modicon M340 Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136601

Trust: 0.6

sources: CNVD: CNVD-2021-46283 // JVNDB: JVNDB-2020-014322 // CNNVD: CNNVD-202012-939

EXTERNAL IDS

db:NVDid:CVE-2020-7549

Trust: 3.0

db:SCHNEIDERid:SEVD-2020-343-06

Trust: 1.6

db:JVNDBid:JVNDB-2020-014322

Trust: 0.8

db:CNVDid:CNVD-2021-46283

Trust: 0.6

db:CNNVDid:CNNVD-202012-939

Trust: 0.6

sources: CNVD: CNVD-2021-46283 // JVNDB: JVNDB-2020-014322 // CNNVD: CNNVD-202012-939 // NVD: CVE-2020-7549

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-343-06/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7549

Trust: 1.4

sources: CNVD: CNVD-2021-46283 // JVNDB: JVNDB-2020-014322 // CNNVD: CNNVD-202012-939 // NVD: CVE-2020-7549

SOURCES

db:CNVDid:CNVD-2021-46283
db:JVNDBid:JVNDB-2020-014322
db:CNNVDid:CNNVD-202012-939
db:NVDid:CVE-2020-7549

LAST UPDATE DATE

2024-11-23T22:16:10.514000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-46283date:2021-07-01T00:00:00
db:JVNDBid:JVNDB-2020-014322date:2021-08-13T08:50:00
db:CNNVDid:CNNVD-202012-939date:2020-12-16T00:00:00
db:NVDid:CVE-2020-7549date:2024-11-21T05:37:21.663

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-46283date:2021-07-01T00:00:00
db:JVNDBid:JVNDB-2020-014322date:2021-08-13T00:00:00
db:CNNVDid:CNNVD-202012-939date:2020-12-11T00:00:00
db:NVDid:CVE-2020-7549date:2020-12-11T01:15:12.627