CVE-2018-7854

Published: May 22, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

Affected (4)

Products: Schneider Electric: Modicon Premium Firmware, Modicon Quantum Firmware, Modicon M340 Firmware, Modicon M580 Firmware

Schneider Electric

4 products

Modicon Premium Firmware

Modicon Quantum Firmware

Modicon M340 Firmware

Modicon M580 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon Premium Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon Premium	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon Quantum Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon Quantum	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Firmware	Before 3.10

Running on/with	Platform Versions
Schneider Electric Modicon M340	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Firmware	Before 2.90

Running on/with	Platform Versions
Schneider Electric Modicon M580	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (4)

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Source: cybersecurity@se.com

MitigationVendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765

Source: cybersecurity@se.com

ExploitThird Party Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.