CVE-2018-7759

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 versions (affected versions not specified) Schneider Electric Modicon Premium versions (affected versions not specified) Schneider Electric Modicon Quantum versions (affected versions not specified) Schneider Electric Modicon BMXNOR0200 versions (affected versions not specified)

Description: The issue is caused by a buffer overflow in the memory, potentially allowing a remote attacker to cause a denial of service using a specially crafted SOAP request. The buffer overflow vulnerability is caused by the length of the source string specified as the number of bytes to be copied, instead of the buffer size.

Recommendations: For Schneider Electric Modicon M340, consider disabling the vulnerable function until a patch is available. For Schneider Electric Modicon Premium, restrict access to the vulnerable module to minimize the risk of exploitation. For Schneider Electric Modicon Quantum, avoid using the vulnerable API endpoint until the issue is resolved. For Schneider Electric Modicon BMXNOR0200, as a temporary workaround, consider disabling the vulnerable component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.