CVE-2020-7562

8.1 HIGH

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers a...

Published: 2020-11-18 · Last updated: 2026-05-29

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125

Affected products

Vendor	Product
schneider-electric	modicon_m340_bmx_noc_0401_firmware, modicon_m340_bmx_noe_0100_firmware, modicon_m340_bmx_noe_0100h_firmware

Description

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-7562
[Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2020-315-01/
[Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2020-315-01/

Related CVEs

Same vendor

CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)

Same CWE

CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)