10
CVE-2015-7937
- EPSS 4.68%
- Veröffentlicht 21.12.2015 11:59:12
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Bmxnoc0401 Version-
Schneider-electric ≫ Bmxnoe0100 Version-
Schneider-electric ≫ Bmxnoe0100h Version-
Schneider-electric ≫ Bmxnoe0110 Version-
Schneider-electric ≫ Bmxnoe0110h Version-
Schneider-electric ≫ Bmxnor0200 Version-
Schneider-electric ≫ Bmxnor0200h Version-
Schneider-electric ≫ Bmxpra0100 Version-
Schneider-electric ≫ Modicon M340 Bmxp342020 Version-
Schneider-electric ≫ Modicon M340 Bmxp342020h Version-
Schneider-electric ≫ Modicon M340 Bmxp342030 Version-
Schneider-electric ≫ Modicon M340 Bmxp3420302 Version-
Schneider-electric ≫ Modicon M340 Bmxp3420302h Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.68% | 0.889 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.