PT-2018-21: Buffer overflow in Schneider Electric Modicon Premium, Modicon Quantum and Modicon M340

(PT-2018-21) Positive Technologies Security Advisory 
Buffer overflow in Schneider Electric Modicon Premium, Modicon Quantum and Modicon M340

Vulnerable devices

Modicon Premium, Modicon Quantum and Modicon M340 
Version: all versions

Hazard Rating

Danger level: High 
Impact: Denial of service 
Attack vector: Remote

CVSS v3: 
Base Score: 7.5 
Vector: (AV: N / AC: L / PR: N / UI: N / S: U / C: N / I: N / A: H)

CVE: CVE-2018-7762

Description of the vulnerability

The specialists of Positive Research Research Center Positive Technologies have discovered the vulnerability “Buffer overflow” in Schneider Electric Modicon Premium, Modicon Quantum and Modicon M340.

Vulnerability in Web services for processing SOAP requests allows attackers to cause buffer overflows.

Notification Status

04/28/2017 – The manufacturer sent details of the vulnerabilities 
03/22/2018 – The manufacturer issued a correction 
September 3, 2013 – Publication of the vulnerability

Thanks

Vulnerability was discovered by Nikita Maksimov (Positive Research Research Center of Positive Technologies)

 

About Positive Technologies

Positive Technologies is one of the leading Russian companies in the field of information security.
The main activities of the company are the development of integrated information security monitoring systems (XSpider, MaxPatrol); provision of consulting and services in the field of information security; development of a specialized portal.

Customers of Positive Technologies are more than 40 state institutions, more than 50 banks and financial institutions, 20 telecommunications companies, more than 40 industrial enterprises, IT companies, service and retail companies in Russia, CIS, Baltic countries, as well as Great Britain, Germany, Holland, Israel , Iran, China, Mexico, USA, Thailand, Turkey, Ecuador, South Africa, Japan.

Positive Technologies is a team of highly qualified developers, consultants and experts who have great practical experience, have professional titles and certificates, are members of international organizations and actively participate in the development of the industry.

Leave a Reply