← Back

CVE-2018-7851

nvd nist
Published: May 22, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

Affected (5)

Schneider Electric
5 products
M580 Firmware
M340 Firmware
Bmx/e Cra Firmware
Modicon Premium Firmware
140cra312xxx Firmware
Configuration A
1 vulnerable · 22 platform
Vulnerable SoftwareAffected Versions
M580 Firmware
Before 2.50
Running on/withPlatform Versions
Schneider Electric
Bmeh582040
All versions
Schneider Electric
Bmeh582040c
All versions
Schneider Electric
Bmeh584040
All versions
Schneider Electric
Bmeh584040c
All versions
Schneider Electric
Bmeh586040
All versions
Schneider Electric
Bmeh586040c
All versions
Schneider Electric
Modicon M580 Bmep581020
All versions
Schneider Electric
Modicon M580 Bmep581020h
All versions
Schneider Electric
Modicon M580 Bmep582020
All versions
Schneider Electric
Modicon M580 Bmep582020h
All versions
Schneider Electric
Modicon M580 Bmep582040
All versions
Schneider Electric
Modicon M580 Bmep582040h
All versions
Schneider Electric
Modicon M580 Bmep582040s
All versions
Schneider Electric
Modicon M580 Bmep583020
All versions
Schneider Electric
Modicon M580 Bmep583040
All versions
Schneider Electric
Modicon M580 Bmep584020
All versions
Schneider Electric
Modicon M580 Bmep584040
All versions
Schneider Electric
Modicon M580 Bmep584040s
All versions
Schneider Electric
Modicon M580 Bmep585040
All versions
Schneider Electric
Modicon M580 Bmep585040c
All versions
Schneider Electric
Modicon M580 Bmep586040
All versions
Schneider Electric
Modicon M580 Bmep586040c
All versions
Configuration B
1 vulnerable · 10 platform
Vulnerable SoftwareAffected Versions
M340 Firmware
Before 3.01
Running on/withPlatform Versions
Schneider Electric
Modicon M340 Bmxp341000
All versions
Schneider Electric
Modicon M340 Bmxp341000h
All versions
Schneider Electric
Modicon M340 Bmxp342000
All versions
Schneider Electric
Modicon M340 Bmxp3420102
All versions
Schneider Electric
Modicon M340 Bmxp3420102cl
All versions
Schneider Electric
Modicon M340 Bmxp342020
All versions
Schneider Electric
Modicon M340 Bmxp342020h
All versions
Schneider Electric
Modicon M340 Bmxp3420302
All versions
Schneider Electric
Modicon M340 Bmxp3420302cl
All versions
Schneider Electric
Modicon M340 Bmxp3420302h
All versions
Configuration C
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Bmx/e Cra Firmware
Before 2.40
Running on/withPlatform Versions
Schneider Electric
Bmxcra31200
All versions
Schneider Electric
Bmxcra31210c
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Premium Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Premium
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
140cra312xxx Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
140cra312xxx
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.