CVE-2020-7564

Summary

CVE	CVE-2020-7564
State	PUBLISHED
Assigner	schneider
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-11-18 14:15:13 UTC
Updated	2026-05-29 14:16:22 UTC
Description	A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

Risk And Classification

Primary CVSS: v3.1 8.8 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.009750000 probability, percentile 0.769990000 (date 2026-06-02)

Problem Types: CWE-120 | CWE-120 CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	8.8	HIGH	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
3.1	ADP	DECLARED	6.3	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	6.3	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H`
2.0	[email protected]	Primary	6.5		`AV:N/AC:L/Au:S/C:P/I:P/A:P`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Schneider-electric	Modicon M340 Bmx Noc 0401	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx Noc 0401 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx Noe 0100	-	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx Noe 0100h	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx Noe 0100h Firmware	All	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx Noe 0100 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx Noe 0110	-	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx Noe 0110h	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx Noe 0110h Firmware	All	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx Noe 0110 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx Nor 0200h	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx Nor 0200h Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx P34-2010	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx P34-2010 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M340 Bmx P34-2030	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Bmx P34-2030 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140cpu65150	-	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140cpu65150c	-	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140cpu65150c Firmware	All	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140cpu65150 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140cpu65160	-	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140cpu65160c	-	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140cpu65160c Firmware	All	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140cpu65160 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140noc78100	-	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140noc78100 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140noe77101	-	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140noe77101 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Quantum 140noe77111	-	All	All	All
Operating System	Schneider-electric	Modicon Quantum 140noe77111 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Tsxety4103	-	All	All	All
Operating System	Schneider-electric	Modicon Tsxety4103 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Tsxety5103	-	All	All	All
Operating System	Schneider-electric	Modicon Tsxety5103 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Tsxp574634	-	All	All	All
Operating System	Schneider-electric	Modicon Tsxp574634 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Tsxp575634	-	All	All	All
Operating System	Schneider-electric	Modicon Tsxp575634 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon Tsxp576634	-	All	All	All
Operating System	Schneider-electric	Modicon Tsxp576634 Firmware	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	Web Server On Modicon M340 Modicon Quantum And Modicon Premium Legacy Offers And Their Communication Modules See Notification For Details	affected Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)	Not specified

References

Reference	Source	Link	Tags
Security Notification - Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules \| Schneider Electric	af854a3a-2127-422b-91ae-364da2661108	www.se.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590469 Schneider Electric Web Server on Modicon M340 Multiple Vulnerabilities (ICSA-21-005-01)