Sign-up

ID

VAR-202008-1033


CVE

CVE-2020-7524


TITLE

Modicon M218 Logic Controller Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010576

DESCRIPTION

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. Modicon M218 Logic Controller Is vulnerable to out-of-bounds writes.Service operation interruption (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-7524 // JVNDB: JVNDB-2020-010576 // VULMON: CVE-2020-7524

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon m218scope:lteversion:5.0.0.7

Trust: 1.0

vendor:schneider electricmodel:modicon m218scope:eqversion:5.0.0.7 およびそれ

Trust: 0.8

sources: JVNDB: JVNDB-2020-010576 // NVD: CVE-2020-7524

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-7524
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010576
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-1469
value: HIGH

Trust: 0.6

VULMON: CVE-2020-7524
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-7524
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010576
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-7524
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-7524 // JVNDB: JVNDB-2020-010576 // CNNVD: CNNVD-202008-1469 // NVD: CVE-2020-7524

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-010576 // NVD: CVE-2020-7524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1469

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-1469

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-7524

PATCH
title:SEVD-2020-224-03url:https://www.se.com/ww/en/download/document/sevd-2020-224-03/
Trust: 0.8
title:CVE-2020-7524url:https://github.com/alaial90/cve-2020-7524 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-7524 // 
            
            
            
            JVNDB: JVNDB-2020-010576

EXTERNAL IDS
db:NVDid:CVE-2020-7524
Trust: 2.5
db:SCHNEIDERid:SEVD-2020-224-03
Trust: 1.7
db:JVNDBid:JVNDB-2020-010576
Trust: 0.8
db:CNNVDid:CNNVD-202008-1469
Trust: 0.6
db:VULMONid:CVE-2020-7524
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-7524 // 
            
            
            
            JVNDB: JVNDB-2020-010576 // 
            
            
            
            CNNVD: CNNVD-202008-1469 // 
            
            
            
            NVD: CVE-2020-7524

REFERENCES
url:https://www.se.com/ww/en/download/document/sevd-2020-224-03/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-7524
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7524
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-7524
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-7524 // 
            
            
            
            JVNDB: JVNDB-2020-010576 // 
            
            
            
            CNNVD: CNNVD-202008-1469 // 
            
            
            
            NVD: CVE-2020-7524

SOURCES
db:VULMONid:CVE-2020-7524
db:JVNDBid:JVNDB-2020-010576
db:CNNVDid:CNNVD-202008-1469
db:NVDid:CVE-2020-7524

LAST UPDATE DATE
2022-05-04T09:02:31.131000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-7524date:2021-08-26T00:00:00
db:JVNDBid:JVNDB-2020-010576date:2021-01-28T02:40:08
db:CNNVDid:CNNVD-202008-1469date:2022-03-10T00:00:00
db:NVDid:CVE-2020-7524date:2022-01-31T19:52:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-7524date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-010576date:2021-01-28T02:40:08
db:CNNVDid:CNNVD-202008-1469date:2020-08-31T00:00:00
db:NVDid:CVE-2020-7524date:2020-08-31T17:15:00