CVE-2013-2763 : The Schneider Electric M340 PLC modules allow remote attackers to cause a denial

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.

Published 2013-04-04 11:58:50

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-2763

Schneider-electric » Modicon M340 Bmx P34-2010 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx P34-2010 » Version: N/A
Schneider-electric » Modicon M340 Bmx P34-2030 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx P34-2030 » Version: N/A
Schneider-electric » Modicon M340 Bmx Noc 0401 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx Noc 0401 » Version: N/A
Schneider-electric » Modicon M340 Bmx Noe 0100 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx Noe 0100 » Version: N/A
Schneider-electric » Modicon M340 Bmx Noe 0100h Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx Noe 0100h » Version: N/A
Schneider-electric » Modicon M340 Bmx Noe 0110 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx Noe 0110 » Version: N/A
Schneider-electric » Modicon M340 Bmx Noe 0110h Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx Noe 0110h » Version: N/A
Schneider-electric » Modicon M340 Bmx Nor 0200h Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmx Nor 0200h » Version: N/A
Schneider-electric » Modicon M340 Bmxp341000 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmxp341000 » Version: N/A
Schneider-electric » Modicon M340 Bmxp342010 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmxp342010 » Version: N/A
Schneider-electric » Modicon M340 Bmxp342020 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmxp342020 » Version: N/A
Schneider-electric » Modicon M340 Bmxp342030 Firmware » Version: N/A
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Schneider-electric » Modicon M340 Bmxp342030 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2013-2763

EPSS FAQ

0.88%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-2763

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2013-2763

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2763

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

404 - File Not Found | CISA
Broken Link;Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-2763

Products affected by CVE-2013-2763

Exploit prediction scoring system (EPSS) score for CVE-2013-2763

CVSS scores for CVE-2013-2763

CWE ids for CVE-2013-2763

References for CVE-2013-2763