PT-2022-6599 · Schneider Electric · Modicon Quantum Cpu+4

Published: 2022-01-11 · Updated: 2024-04-10 · CVE-2020-7534

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Modicon M340 CPUs: all versions
Modicon Quantum CPUs with integrated Ethernet: all versions
Modicon Premium CPUs with integrated Ethernet: all versions
Modicon M340 Ethernet modules: versions BMXNOC0401, BMXNOE01, BMXNOR0200H
Modicon Quantum and Premium factory cast communication modules: versions 140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103

Description

A Cross-Site Request Forgery (CSRF) issue exists in the web server used by the affected products, potentially causing a leak of sensitive data or unauthorized actions while the user is logged in. The vulnerability can be exploited by a remote attacker to gain access to confidential data.

Recommendations

For Modicon M340 CPUs, consider disabling access to the web server interface until a fix is available.
For Modicon Quantum CPUs with integrated Ethernet, restrict access to the web server during user login to minimize the risk of exploitation.
For Modicon Premium CPUs with integrated Ethernet, avoid using the web server for sensitive operations until the issue is resolved.
For Modicon M340 Ethernet modules, restrict access to the modules to prevent unauthorized actions.
For Modicon Quantum and Premium factory cast communication modules, consider disabling the communication modules until a patch is available.

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2023-02703
CVE-2020-7534

Affected Products

Modicon M340 Cpu
Modicon M340 Ethernet Modules
Modicon Premium Cpu
Modicon Quantum Cpu
Modicon Quantum/Premium Factory Cast Communication Modules