← Back

CVE-2018-7240

nvd nist
Published: Apr 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

Affected (13)

Schneider Electric
13 products
140cpu65150 Firmware
140cpu31110 Firmware
140cpu43412u Firmware
140cpu65160 Firmware
140cpu65260 Firmware
140cpu65860 Firmware
140cpu65160s Firmware
140cpu65150c Firmware
140cpu31110c Firmware
140cpu43412uc Firmware
140cpu65160c Firmware
140cpu65260c Firmware
140cpu65860c Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65150 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65150
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu31110 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu31110
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu43412u Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu43412u
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65160 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65160
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65260 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65260
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65860 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65860
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65160s Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65160s
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65150c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65150c
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu31110c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu31110c
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu43412uc Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu43412uc
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65160c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65160c
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65260c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65260c
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cpu65860c Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cpu65860c
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

Source: cybersecurity@se.com
Third Party AdvisoryVDB Entry
Source: cybersecurity@se.com
Third Party AdvisoryUS Government Resource
Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.