CVE-2015-7937

Published Dec 21, 2015

Last updated 7 months ago

CVSS info 10.0

Overview

Description: Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100h:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C37C1E3E-CA86-4AB5-82A8-BA758F02475D"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E47DB14-EF4B-4E4E-9DA2-B3F6EFA72BF4"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnor0200:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABF43229-1E2E-493A-B44F-DD2870559A93"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60D9A366-3394-4275-B884-AE6E7227156E"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxpra0100:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87FE8964-ECA5-4F5C-933D-F527BDDA1316"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References