Description
A CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause a denial of service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable System): None
- Integrity (Vulnerable System): None
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Schneider Electric / BMENOR2200H – All Versions
- Schneider Electric / EVLink Pro AC – Versions prior to v1.3.10
- Schneider Electric / Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) – Versions prior to SV4.30
- Schneider Electric / Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) – Versions prior to SV4.21