PT-2013-1323 · Schneider Electric · Modicon Quantum

Published: 2013-05-15 · Updated: 2024-04-10 · CVE-2020-7541

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Modicon M340 versions (affected versions not specified)
Modicon Quantum versions (affected versions not specified)
Modicon Premium versions (affected versions not specified)

Description

The issue is related to errors in security mechanisms, which can be exploited to obtain configuration information of the SMTP server, including user logins and passwords, by sending a specially crafted HTTP request. This is a Direct Request ('Forced Browsing') vulnerability that could cause disclosure of sensitive data.

Recommendations

For Modicon M340, consider restricting access to the web server to minimize the risk of exploitation. For Modicon Quantum, avoid using the web server until a patch is available. For Modicon Premium, restrict access to the communication modules to prevent sensitive data disclosure. As a temporary workaround, consider disabling the HTTP request handling functionality until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2020-05608
CVE-2020-7541

Affected Products

Modicon M340
Modicon Premium
Modicon Quantum