CVE-2020-7537

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
schneider-electricmodicon_m580_bmep584040_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep582040_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep586040_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep585040_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep582020_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep581020_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep584020_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep583040_firmware
𝑥
< 3.20
schneider-electricmodicon_m580_bmep583020_firmware
𝑥
< 3.20
schneider-electricmodicon_m340_bmxp341000_firmware
𝑥
< 3.30
schneider-electricmodicon_m340_bmxp342000_firmware
𝑥
< 3.30
schneider-electricmodicon_m340_bmxp3420102_firmware
𝑥
< 3.30
schneider-electricmodicon_m340_bmxp3420102cl_firmware
𝑥
< 3.30
schneider-electricmodicon_m340_bmxp342020_firmware
𝑥
< 3.30
schneider-electricmodicon_m340_bmxp3420302_firmware
𝑥
< 3.30
schneider-electricmodicon_m340_bmxp3420302cl_firmware
𝑥
< 3.30
schneider-electrictsxp574634_firmware
*
schneider-electrictsxp575634_firmware
*
schneider-electrictsxp576634_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-343-08/
https://www.se.com/ww/en/download/document/SEVD-2020-343-08/