CVE-2015-7937

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1780%

EPSS Percentile27.68th

PublishedDec 21, 2015

Last ModifiedMay 6, 2026

Vulnerability Description

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

Affected Platforms (CPE)

🔌

Schneider Electric

Bmxnoc0401

All versions

🔌

Schneider Electric

Bmxnoe0100

All versions

🔌

Schneider Electric

Bmxnoe0100h

All versions

🔌

Schneider Electric

Bmxnoe0110

All versions

🔌

Schneider Electric

Bmxnoe0110h

All versions

🔌

Schneider Electric

Bmxnor0200

All versions

🔌

Schneider Electric

Bmxnor0200h

All versions

🔌

Schneider Electric

Bmxpra0100

All versions

🔌

Schneider Electric

Modicon M340 Bmxp342020

All versions

🔌

Schneider Electric

Modicon M340 Bmxp342020h

All versions

🔌

Schneider Electric

Modicon M340 Bmxp342030

All versions

🔌

Schneider Electric

Modicon M340 Bmxp3420302

All versions

🔌

Schneider Electric

Modicon M340 Bmxp3420302h

All versions

References & Advisories

🔗 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01

🔗 http://www.securityfocus.com/bid/79622

🔗 https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01

🔗 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01

🔗 http://www.securityfocus.com/bid/79622

🔗 https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01

Vulnerability Description

Affected Platforms (CPE)

Bmxnoc0401

Bmxnoe0100

Bmxnoe0100h

Bmxnoe0110

Bmxnoe0110h

Bmxnor0200

Bmxnor0200h

Bmxpra0100

Modicon M340 Bmxp342020

Modicon M340 Bmxp342020h

Modicon M340 Bmxp342030

Modicon M340 Bmxp3420302

Modicon M340 Bmxp3420302h

References & Advisories

Related Vulnerabilities