CVE-2018-7794

Published: Jan 6, 2020Modified: May 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Affected (29)

Products: Schneider Electric: Modicon M580 Firmware, Modicon M340 Firmware, Tsxh5744m Firmware, Tsxh5724m Firmware, Tsxp576634m Firmware, Tsxp57554m Firmware, Tsxp575634m Firmware, Tsxp57454m Firmware, Tsxp574634m Firmware, Tsxp57354m Firmware, Tsxp573634m Firmware, Tsxp57304m Firmware, Tsxp57254m Firmware, Tsxp572634m Firmware, Tsxp57204m Firmware, Tsxp571634m Firmware, Tsxp57154m Firmware, Tsxp57104m Firmware, 140cpu65150 Firmware, 140cpu65160 Firmware, 140cpu65260 Firmware, 140cpu67060 Firmware, 140cpu67160 Firmware, 140cpu67261 Firmware, 140cpu67260 Firmware, 140cpu65860 Firmware, 140cpu67861 Firmware, 140cpu65160s Firmware, 140cpu67160s Firmware

Schneider Electric

29 products

Modicon M580 Firmware

Modicon M340 Firmware

140cpu65160s Firmware

140cpu67160s Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Firmware	Before 2.80

Running on/with	Platform Versions
Schneider Electric Modicon M580	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Firmware	Before 3.01

Running on/with	Platform Versions
Schneider Electric Modicon M340	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxh5744m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxh5744m	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxh5724m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxh5724m	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp576634m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp576634m	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57554m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57554m	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp575634m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp575634m	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57454m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57454m	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp574634m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp574634m	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57354m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57354m	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp573634m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp573634m	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57304m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57304m	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57254m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57254m	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp572634m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp572634m	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57204m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57204m	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp571634m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp571634m	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57154m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57154m	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57104m Firmware	Before 3.20

Running on/with	Platform Versions
Schneider Electric Tsxp57104m	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65150 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu65150	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65160 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu65160	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65260 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu65260	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu67060 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu67060	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu67160 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu67160	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu67261 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu67261	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu67260 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu67260	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65860 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu65860	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu67861 Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu67861	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65160s Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu65160s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu67160s Firmware	Before 3.52

Running on/with	Platform Versions
Schneider Electric 140cpu67160s	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2019-344-01

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2019-344-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.