N/A

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

内存缓冲区边界内操作的限制不恰当

Schneider Electric Modicon M340 缓冲区错误漏洞

Schneider Electric Modicon M340是法国施耐德电气（Schneider Electric）公司的一款用于工业过程和基础设施的中程PLC（可编程逻辑控制器）。 Schneider Electric Modicon M340存在缓冲区错误漏洞，该漏洞源于内存缓冲区边界操作限制不当，在中间人攻击成功后通过发送精心设计的Modbus函数调用来篡改涉及内存大小计算的内存区域，可能导致潜在的任意代码执行。

N/A

N/A