CVE-2018-7759

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
schneider-electricbmxnor0200_firmware
-
schneider-electricbmxnor0200h_firmware
-
schneider-electric140cpu65150_firmware
-
schneider-electric140cpu31110_firmware
-
schneider-electric140cpu43412u_firmware
-
schneider-electric140cpu65160_firmware
-
schneider-electric140cpu65260_firmware
-
schneider-electric140cpu65860_firmware
-
schneider-electric140cpu65160s_firmware
-
schneider-electric140cpu65150c_firmware
-
schneider-electric140cpu31110c_firmware
-
schneider-electric140cpu43412uc_firmware
-
schneider-electric140cpu65160c_firmware
-
schneider-electric140cpu65160c_firmware
-
schneider-electric140cpu65260c_firmware
-
schneider-electric140cpu65860c_firmware
-
schneider-electricmodicon_m340_bmxp341000_firmware
-
schneider-electricmodicon_m340_bmxp342000_firmware
-
schneider-electricmodicon_m340_bmxp3420102_firmware
-
schneider-electricmodicon_m340_bmxp3420102cl_firmware
-
schneider-electricmodicon_m340_bmxp342020_firmware
-
schneider-electricmodicon_m340_bmxp3420302_firmware
-
schneider-electricmodicon_m340_bmxp3420302cl_firmware
-
schneider-electricmodicon_m340_bmxp3420302h_firmware
-
schneider-electricmodicon_m340_bmxp342020h_firmware
-
schneider-electricmodicon_m340_bmxp341000h_firmware
-
schneider-electrictsxh5724m_firmware
-
schneider-electrictsxh5744m_firmware
-
schneider-electrictsxp57104m_firmware
-
schneider-electrictsxp57154m_firmware
-
schneider-electrictsxp571634m_firmware
-
schneider-electrictsxp57204m_firmware
-
schneider-electrictsxp57254m_firmware
-
schneider-electrictsxp572634m_firmware
-
schneider-electrictsxp57304m_firmware
-
schneider-electrictsxp57354m_firmware
-
schneider-electrictsxp573634m_firmware
-
schneider-electrictsxp57454m_firmware
-
schneider-electrictsxp574634m_firmware
-
schneider-electrictsxp575634m_firmware
-
schneider-electrictsxp576634m_firmware
-
schneider-electrictsxh5724mc_firmware
-
schneider-electrictsxh5744mc_firmware
-
schneider-electrictsxp57104mc_firmware
-
schneider-electrictsxp57154mc_firmware
-
schneider-electrictsxp571634mc_firmware
-
schneider-electrictsxp57204mc_firmware
-
schneider-electrictsxp57254mc_firmware
-
schneider-electrictsxp572634mc_firmware
-
schneider-electrictsxp57304mc_firmware
-
schneider-electrictsxp57354mc_firmware
-
schneider-electrictsxp573634mc_firmware
-
schneider-electrictsxp57454mc_firmware
-
schneider-electrictsxp574634mc_firmware
-
schneider-electrictsxp57554mc_firmware
-
schneider-electrictsxp575634mc_firmware
-
schneider-electrictsxp576634mc_firmware
-
schneider-electrictsxh5724m_firmware
-
schneider-electrictsxh5744mc_firmware
-
schneider-electrictsxp57554m_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/