CVE-2015-7937
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
21/12/2015
Last modified:
12/04/2025
Description
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxnoe0100h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxnor0200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:bmxpra0100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01
- http://www.securityfocus.com/bid/79622
- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01
- http://www.securityfocus.com/bid/79622
- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01