Bmxnor0200 Firmware
CVE-2018-7759
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
AnalysisAI
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied. Affected products include: Schneider-Electric Bmxnor0200 Firmware, Schneider-Electric Bmxnor0200H Firmware, Schneider-Electric 140Cpu65150 Firmware, Schneider-Electric 140Cpu31110 Firmware, Schneider-Electric 140Cpu43412U Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
More in Bmxnor0200 Firmware
View allA vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC,
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 control
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premiu
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today