CVE-2020-7564

Name of the Vulnerable Software and Affected Versions Modicon M340 versions (affected versions not specified) Modicon Quantum versions (affected versions not specified) Modicon Premium Legacy versions (affected versions not specified) Communication Modules versions (affected versions not specified)

Description A buffer copy without checking the size of input issue exists in the Web Server, which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. This could allow a remote attacker to execute arbitrary commands.

Recommendations For Modicon M340, update the firmware to a version that includes the fix for this issue. For Modicon Quantum, update the firmware to a version that includes the fix for this issue. For Modicon Premium Legacy, update the firmware to a version that includes the fix for this issue. For Communication Modules, update the firmware to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the FTP service to minimize the risk of exploitation.