CVE-2020-7524

Name of the Vulnerable Software and Affected Versions Modicon M218 Logic Controller versions V5.0.0.7 and prior

Description The issue is related to an out-of-bounds write that could cause a Denial of Service when a specific crafted IPv4 packet is sent to the controller. This can cause IPv4 devices to go down, and the device must be powered back on to return to normal. The vulnerability can be exploited remotely.

Recommendations For versions V5.0.0.7 and prior, consider temporarily disabling the reception of IPv4 packets or restricting access to the controller until a patch is available. As a mitigation measure, avoid using the affected controller in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.