CVE-2020-7564

high

Published 2020-11-18 · Modified 2026-05-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.8

Description

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
schneider-electric	modicon_tsxety4103	`-`
schneider-electric	modicon_tsxety5103	`-`
schneider-electric	modicon_tsxp574634	`-`
schneider-electric	modicon_tsxp575634	`-`
schneider-electric	modicon_tsxp576634	`-`
schneider-electric	modicon_quantum_140noe77101	`-`
schneider-electric	modicon_quantum_140noe77111	`-`
schneider-electric	modicon_quantum_140noc78100	`-`
schneider-electric	modicon_quantum_140cpu65150	`-`
schneider-electric	modicon_quantum_140cpu65150c	`-`
schneider-electric	modicon_quantum_140cpu65160c	`-`
schneider-electric	modicon_quantum_140cpu65160	`-`
schneider-electric	modicon_m340_bmx_p34-2010	`-`
schneider-electric	modicon_m340_bmx_p34-2030	`-`
schneider-electric	modicon_m340_bmx_noc_0401	`-`
schneider-electric	modicon_m340_bmx_noe_0100	`-`
schneider-electric	modicon_m340_bmx_noe_0100h	`-`
schneider-electric	modicon_m340_bmx_noe_0110	`-`
schneider-electric	modicon_m340_bmx_noe_0110h	`-`
schneider-electric	modicon_m340_bmx_nor_0200h	`-`

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-01/

CWEs

CWE-120

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.