Description
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Schneider Electric / Legacy Modicon Quantum/PremiumAll Versions – All Versions
- Schneider Electric / Modicon M340 CPU (part numbers BMXP34*)V – 3.40
- Schneider Electric / Modicon M580 CPU (part numbers BMEP* and BMEH*)V – 3.22
- Schneider Electric / Modicon MC80 (BMKC80)V – 1.7
- Schneider Electric / Modicon Momentum MDI (171CBU*)All Versions – All Versions