Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
References
| Link | Resource |
|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 | Vendor Advisory |
| http://www.securityfocus.com/bid/79622 | |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
10 Apr 2024, 12:28
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:schneider-electric:bmxp342020:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmxp342030:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmxp3420302h:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmxp3420302:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:* |
| First Time |
Schneider-electric modicon M340 Bmxp342020
Schneider-electric modicon M340 Bmxp3420302h Schneider-electric modicon M340 Bmxp3420302 Schneider-electric modicon M340 Bmxp342030 Schneider-electric modicon M340 Bmxp342020h |
Information
Published : 2015-12-21 11:59
Updated : 2024-04-10 12:28
NVD link : CVE-2015-7937
Mitre link : CVE-2015-7937
CVE.ORG link : CVE-2015-7937
JSON object : View
Products Affected
schneider-electric
- bmxnoe0110h
- bmxnor0200
- bmxpra0100
- modicon_m340_bmxp342030
- bmxnor0200h
- bmxnoc0401
- modicon_m340_bmxp342020h
- bmxnoe0100
- modicon_m340_bmxp3420302h
- bmxnoe0100h
- modicon_m340_bmxp3420302
- bmxnoe0110
- modicon_m340_bmxp342020
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer