{ "id": "CVE-2020-7536", "sourceIdentifier": "cybersecurity@se.com", "published": "2020-12-11T01:15:12.190", "lastModified": "2020-12-14T20:42:27.873", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP." }, { "lang": "es", "value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M340 CPUs (BMXP34* versiones anteriores a V3.30) M\u00f3dulos Modicon M340 Communication Ethernet (BMXNOE0100 (H) versiones anteriores a V3.4, BMXNOE0110 (H) versiones anteriores a V6.6, BMXNOR0200H todas las versiones), lo que podr\u00eda causar que el dispositivo no sea accesible cuando se modifican los par\u00e1metros de red a trav\u00e9s de SNMP" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "cybersecurity@se.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-754" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp341000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "655C5574-A64B-45A2-AB1C-FC296A9EA43A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp341000:-:*:*:*:*:*:*:*", "matchCriteriaId": "A16F383D-5A23-4A71-B4D4-0701C5D6CB1B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp342000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "467E16FA-FE85-48FD-AD6A-4D2B188BEBC6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp342000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5677FB24-CEAC-496B-8651-A78673643F02" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp3420102_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "6B25DD43-4454-4422-815B-ED37AD47242C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp3420102:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4195AD2-3D59-454F-AEE0-FCDC91F87BAB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp3420102cl_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "F677FE33-2DEC-4851-9557-7892E579F961" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp3420102cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "63653E5B-4381-4820-A30C-42B56B042F0E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp342020_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "006AA884-EE87-40FD-9886-72C91AAAA07E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp342020:-:*:*:*:*:*:*:*", "matchCriteriaId": "97EA66E9-1236-4422-A983-B6CE13A9D674" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp3420302_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "273A69BC-D9D8-414F-94AD-D8ABBFB62FCD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp3420302:-:*:*:*:*:*:*:*", "matchCriteriaId": "210ED39B-6F9B-4D82-B983-2E04C5A03B82" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxp3420302cl_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.30", "matchCriteriaId": "49138E25-BFF7-4EAE-A2A0-E2BD1660E1CB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxp3420302cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DD1411B-8672-46F8-9D84-7B0A884C16EF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4", "matchCriteriaId": "4C045040-20CA-488D-A36D-A433754A33E8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*", "matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6", "matchCriteriaId": "1A33A381-6772-4137-A677-5F73EA398FF6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*", "matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AECF5778-C5F5-4789-BD3D-793B35DDDBDF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*", "matchCriteriaId": "60D9A366-3394-4275-B884-AE6E7227156E" } ] } ] } ], "references": [ { "url": "https://security.cse.iitk.ac.in/responsible-disclosure", "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/", "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ] } ] }