A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
schneider-electric modicon_tsxety4103_firmware |
||
schneider-electric modicon_tsxety5103_firmware |
||
schneider-electric modicon_tsxp574634_firmware |
||
schneider-electric modicon_tsxp575634_firmware |
||
schneider-electric modicon_tsxp576634_firmware |
||
schneider-electric modicon_quantum_140noe77101_firmware |
||
schneider-electric modicon_quantum_140noe77111_firmware |
||
schneider-electric modicon_quantum_140noc78100_firmware |
||
schneider-electric modicon_quantum_140cpu65150_firmware |
||
schneider-electric modicon_quantum_140cpu65150c_firmware |
||
schneider-electric modicon_quantum_140cpu65160c_firmware |
||
schneider-electric modicon_quantum_140cpu65160_firmware |
||
schneider-electric modicon_m340_bmx_p34-2010_firmware |
||
schneider-electric modicon_m340_bmx_p34-2030_firmware |
||
schneider-electric modicon_m340_bmx_noc_0401_firmware |
||
schneider-electric modicon_m340_bmx_noe_0100_firmware |
||
schneider-electric modicon_m340_bmx_noe_0100h_firmware |
||
schneider-electric modicon_m340_bmx_noe_0110_firmware |
||
schneider-electric modicon_m340_bmx_noe_0110h_firmware |
||
schneider-electric modicon_m340_bmx_nor_0200h_firmware |
Vulmon