(PT-2018-21) Positive Technologies Security Advisory
Buffer overflow in Schneider Electric Modicon Premium, Modicon Quantum and Modicon M340
Modicon Premium, Modicon Quantum and Modicon M340
Version: all versions
Danger level: High
Impact: Denial of service
Attack vector: Remote
Base Score: 7.5
Vector: (AV: N / AC: L / PR: N / UI: N / S: U / C: N / I: N / A: H)
Description of the vulnerability
The specialists of Positive Research Research Center Positive Technologies have discovered the vulnerability “Buffer overflow” in Schneider Electric Modicon Premium, Modicon Quantum and Modicon M340.
Vulnerability in Web services for processing SOAP requests allows attackers to cause buffer overflows.
04/28/2017 – The manufacturer sent details of the vulnerabilities
03/22/2018 – The manufacturer issued a correction
September 3, 2013 – Publication of the vulnerability
Vulnerability was discovered by Nikita Maksimov (Positive Research Research Center of Positive Technologies)
About Positive Technologies
Positive Technologies is one of the leading Russian companies in the field of information security.
The main activities of the company are the development of integrated information security monitoring systems (XSpider, MaxPatrol); provision of consulting and services in the field of information security; development of a specialized portal.
Customers of Positive Technologies are more than 40 state institutions, more than 50 banks and financial institutions, 20 telecommunications companies, more than 40 industrial enterprises, IT companies, service and retail companies in Russia, CIS, Baltic countries, as well as Great Britain, Germany, Holland, Israel , Iran, China, Mexico, USA, Thailand, Turkey, Ecuador, South Africa, Japan.
Positive Technologies is a team of highly qualified developers, consultants and experts who have great practical experience, have professional titles and certificates, are members of international organizations and actively participate in the development of the industry.