PT-2020-6285 · Schneider Electric · Modicon M340+2

Published: 2020-11-18 · Updated: 2026-05-29 · CVE-2020-7563

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M340 (affected versions not specified)
Modicon Quantum (affected versions not specified)
Modicon Premium Legacy (affected versions not specified)

Description

The issue is an out-of-bounds write vulnerability in the Web Server of the affected devices. A remote attacker could corrupt data, cause a crash, or execute arbitrary code by uploading a specially crafted file over FTP. The flaw stems from writing past the bounds of a memory buffer.

Recommendations

For Modicon M340, consider disabling the Web Server functionality until a patch is available.
For Modicon Quantum, restrict access to the FTP service to minimize the risk of exploitation.
For Modicon Premium Legacy, avoid using the affected Communication Modules until the issue is resolved.
As a temporary workaround, consider disabling the upload functionality over FTP for all affected devices until a patch is available.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-03892
CVE-2020-7563

Affected Products

Modicon M340
Modicon Premium Legacy
Modicon Quantum