PT-2020-6373 · Schneider Electric · Modicon M340+3

Published: 2020-10-08 · Updated: 2024-04-10 · CVE-2020-7536

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M340 CPUs versions prior to V3.30
Modicon M340 Communication Ethernet modules BMXNOE0100 (H) versions prior to V3.4
Modicon M340 Communication Ethernet modules BMXNOE0110 (H) versions prior to V6.6
Modicon M340 Communication Ethernet modules BMXNOR0200H all versions

Description

The issue is related to insufficient checking of unusual or exceptional conditions in the software of the Schneider Electric Modicon M340 programmable logic controller. This could allow a remote attacker to cause a denial of service. The vulnerability exists when modifying network parameters over SNMP, potentially causing the device to become unreachable.

Recommendations

For Modicon M340 CPUs versions prior to V3.30, update to version V3.30 or later.
For Modicon M340 Communication Ethernet modules BMXNOE0100 (H) versions prior to V3.4, update to version V3.4 or later.
For Modicon M340 Communication Ethernet modules BMXNOE0110 (H) versions prior to V6.6, update to version V6.6 or later.
For Modicon M340 Communication Ethernet modules BMXNOR0200H, consider disabling SNMP access until a patch is available, as all versions are affected.

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

BDU:2021-04328
CVE-2020-7536

Affected Products

Modicon M340
Modicon M340 Communication Ethernet Modules BMXNOE0100
Modicon M340 Communication Ethernet Modules BMXNOE0110
Modicon M340 Communication Ethernet Modules BMXNOR0200H