PT-2020-6376 · Schneider Electric · Modicon M340+2
Published: 2020-12-08 · Updated: 2024-04-10 · CVE-2020-7540
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Modicon M340 versions (affected versions not specified)
Modicon Quantum versions (affected versions not specified)
Modicon Premium versions (affected versions not specified)
Description
The issue is related to the lack of authentication for a critical function in the programmable logic controller's software. This could allow a remote attacker to execute arbitrary commands by sending special HTTP requests to the Web Server on the affected devices.
Recommendations
For Modicon M340, apply the fix as described in the security notification for the affected versions.
For Modicon Quantum, apply the fix as described in the security notification for the affected versions.
For Modicon Premium, apply the fix as described in the security notification for the affected versions.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Modicon M340
Modicon Premium
Modicon Quantum