CVE-2013-2761

The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/	Vendor Advisory
http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe01xx:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340:bmxp3420xx:::::::*

History

No history.

Information

Published : 2013-04-04 11:58

Updated : 2013-04-04 13:56

NVD link : CVE-2013-2761

Mitre link : CVE-2013-2761

CVE.ORG link : CVE-2013-2761

JSON object : View

Products Affected

schneider-electric

modicon_m340

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2013-2761", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-04T11:58:49.837", "references": [{"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client."}, {"lang": "es", "value": "Los m\u00f3dulos Schneider Electric M340 BMXNOE01xx y BMXP3420xx PLC, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda de m\u00f3dulo) a trav\u00e9s de tr\u00e1fico FTP manipulado, como se ha demostrado a trav\u00e9s del cliente Filezilla FTP."}], "lastModified": "2013-04-04T13:56:47.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe01xx:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F425F0AC-58DD-4422-8AF9-2A032A53563C"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxp3420xx:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F06F7917-5901-4A55-BDD7-E5C078BF2363"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}