Lucene search

SchneiderCVE-2018-7844

HistoryMay 22, 2019 - 9:29 p.m.

CVE-2018-7844

2019-05-2221:29:00

CWE-200

schneider

web.nvd.nist.gov

cve-2018-7844

information exposure

modicon plcs

modbus

snmp

cve

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.

Affected configurations

Nvd

Node

schneider-electricmodicon_premium_firmware

AND

schneider-electricmodicon_premiumMatch-

Node

schneider-electricmodicon_quantum_firmware

AND

schneider-electricmodicon_quantumMatch-

Node

schneider-electricmodicon_m340_firmware

AND

schneider-electricmodicon_m340Match-

Node

schneider-electricmodicon_m580_firmware

AND

schneider-electricmodicon_m580Match-

VendorProductVersionCPE
schneider-electricmodicon_premium_firmware*cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_premium-cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*
schneider-electricmodicon_quantum_firmware*cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_quantum-cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_firmware*cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340-cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*
schneider-electricmodicon_m580_firmware*cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m580-cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_premium_firmware	*	cpe:2.3:o:schneider-electric:modicon_premium_firmware::::::::
schneider-electric	modicon_premium	-	cpe:2.3:h:schneider-electric:modicon_premium:-:::::::*
schneider-electric	modicon_quantum_firmware	*	cpe:2.3:o:schneider-electric:modicon_quantum_firmware::::::::
schneider-electric	modicon_quantum	-	cpe:2.3:h:schneider-electric:modicon_quantum:-:::::::*
schneider-electric	modicon_m340_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_firmware::::::::
schneider-electric	modicon_m340	-	cpe:2.3:h:schneider-electric:modicon_m340:-:::::::*
schneider-electric	modicon_m580_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_firmware::::::::
schneider-electric	modicon_m580	-	cpe:2.3:h:schneider-electric:modicon_m580:-:::::::*

CNA Affected

[
  {
    "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium"
      }
    ]
  }
]

References

www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

Related for CVE-2018-7844