CVE-2020-7562

Name of the Vulnerable Software and Affected Versions Modicon M340 (affected versions not specified) Modicon Quantum (affected versions not specified) Modicon Premium Legacy (affected versions not specified)

Description A CWE-125: Out-of-Bounds Read issue exists in the Web Server of the affected devices, which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file over FTP. This could allow a remote attacker to disclose protected information or cause a denial of service.

Recommendations For Modicon M340, consider disabling the FTP upload feature until a patch is available. For Modicon Quantum, restrict access to the Web Server to minimize the risk of exploitation. For Modicon Premium Legacy, avoid using the Web Server to upload files until the issue is resolved. As a temporary workaround, consider disabling the Web Server on the affected devices until a patch is available.