CVE-2020-28220

6.8 MEDIUM

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All ver...

Published: 2020-12-11 · Last updated: 2026-05-28

Severity and scoring

CVSS: 6.8 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119

Affected products

Vendor	Product
schneider-electric	modicon_m258_firmware, somachine, somachine_motion

Description

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-28220
[Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2020-343-09/
[Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2020-343-09/

Related CVEs

Same vendor

CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)

Same CWE

CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
CVE-2026-12327 — Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (7.3 HIGH)
CVE-2026-12326 — Memory safety bugs present in Firefox 151 and Thunderbird 151 (7.3 HIGH)
CVE-2026-12318 — Incorrect boundary conditions in the Libraries component in NSS (7.3 HIGH)