PT-2015-2899 · Schneider Electric · Modicon M340 PLC

David Atch · Published 2015-12-21 · Updated 2024-04-10 · CVE-2015-7937

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices (affected versions not specified)

Description: The issue is caused by a stack-based buffer overflow in the GoAhead Web Server: a long password in the HTTP Basic Authentication data overruns a stack buffer, allowing remote attackers to execute arbitrary code by sending such a password.

Recommendations: For Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices, consider restricting access to the HTTP Basic Authentication feature until a fix is available. As a temporary workaround, consider limiting the length of accepted passwords to prevent exploitation of the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
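The workaround above amounts to rejecting Basic Authentication credentials that are longer than any legitimate credential before they reach the device. The following Python is an added example written for this page, not code from Positive Technologies, Schneider Electric or the GoAhead project; it shows the check a reverse proxy or inline filter in front of the PLC could apply. The length limits, function names and the sample headers are assumptions constructed for the example.

```python
import base64
import binascii

# Assumed policy limits (not taken from the advisory): a legitimate PLC
# credential will never approach these lengths, so anything longer is rejected.
MAX_USER_LEN = 64
MAX_PASS_LEN = 64


def parse_basic_credentials(header_value):
    """Return (user, password) from an HTTP Basic Authorization header value,
    or None if the header is not well-formed Basic authentication."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    # RFC 7617: user-id ":" password; the password itself may contain ':'.
    user, sep, password = raw.partition(b":")
    if not sep:
        return None
    return user.decode("latin-1"), password.decode("latin-1")


def check_basic_auth_length(header_value, max_user=MAX_USER_LEN, max_pass=MAX_PASS_LEN):
    """Classify an Authorization header value as 'ok', 'malformed' (not Basic,
    or undecodable) or 'oversized' (exceeds the configured limits)."""
    creds = parse_basic_credentials(header_value)
    if creds is None:
        return "malformed"
    user, password = creds
    if len(user) > max_user or len(password) > max_pass:
        return "oversized"
    return "ok"


def basic_header(user, password):
    """Build a Basic Authorization header value (helper for the constructed samples)."""
    token = base64.b64encode(f"{user}:{password}".encode("latin-1")).decode("ascii")
    return "Basic " + token


# Constructed sample header values, not captured traffic.
SAMPLE_HEADERS = {
    "normal": basic_header("operator", "s3cret"),
    "oversized": basic_header("operator", "A" * 512),
    "not_basic": "Bearer abc.def.ghi",
    "bad_base64": "Basic %%%notbase64%%%",
}


def scan_samples(headers=SAMPLE_HEADERS):
    """Apply the length check to each sample and return name -> verdict."""
    return {name: check_basic_auth_length(value) for name, value in headers.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:10s} -> {verdict}")
```

A filter built this way should drop both "oversized" and "malformed" requests before forwarding, since the device's own parser is the component that cannot be trusted with unusual input; the limits are deliberately generous for real operators and still far below the lengths that matter for a stack overflow.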

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2015-12266
CVE-2015-7937

Affected Products

GoAhead Web Server
Modicon M340 PLC