CVE-2020-7536

moderate-risk

Published 2020-12-11

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (10)

Modicon M340 Bmxp341000 Firmware

Modicon M340 Bmxp342000 Firmware

Modicon M340 Bmxp3420102 Firmware

Modicon M340 Bmxp3420102Cl Firmware

Modicon M340 Bmxp342020 Firmware

Modicon M340 Bmxp3420302 Firmware

Modicon M340 Bmxp3420302Cl Firmware

Bmxnoe0100 Firmware

Bmxnoe0110 Firmware

Bmxnor0200H Firmware

Affected Vendors

Schneider-Electric

References (4)

Vendor Advisory https://security.cse.iitk.ac.in/responsible-disclosure

Vendor Advisory https://www.se.com/ww/en/download/document/SEVD-2020-343-07/

Vendor Advisory https://security.cse.iitk.ac.in/responsible-disclosure

Vendor Advisory https://www.se.com/ww/en/download/document/SEVD-2020-343-07/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate