Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Schneider Electric / Legacy Modicon Premium CPUs (TSXP57*)All – All
- Schneider Electric / Legacy Modicon Quantum (140CPU65*)All – All
- Schneider Electric / Modicon M340 CPU (part numbers BMXP34*)prior to SV3.51 – prior to SV3.51
- Schneider Electric / Modicon M580 CPU (part numbers BMEP* and BMEH*)prior to V4.10 – prior to V4.10
- Schneider Electric / Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)All – All
- Schneider Electric / Modicon MC80 (BMKC80)All – All
- Schneider Electric / Modicon Momentum Unity M1E Processor (171CBU*)All – All