Lucene search

[email protected]CVE-2018-7847

HistoryMay 22, 2019 - 8:29 p.m.

CVE-2018-7847

2019-05-2220:29:01

CWE-287

[email protected]

web.nvd.nist.gov

cwe-284

access control

vulnerability

modicon m580

modicon m340

modicon quantum

modicon premium

denial of service

code execution

modbus

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

Affected configurations

NVD

Node

schneider-electricmodicon_m580_firmware

AND

schneider-electricmodicon_m580Match-

Node

schneider-electricmodicon_m340_firmware

AND

schneider-electricmodicon_m340Match-

Node

schneider-electricmodicon_quantum_firmware

AND

schneider-electricmodicon_quantumMatch-

Node

schneider-electricmodicon_premium_firmware

AND

schneider-electricmodicon_premiumMatch-

CPENameOperatorVersion
schneider-electric:modicon_m580_firmwareschneider-electric modicon m580 firmwareeq*

CPE	Name	Operator	Version
schneider-electric:modicon_m580_firmware	schneider-electric modicon m580 firmware	eq	*

CNA Affected

[
  {
    "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium"
      }
    ]
  }
]

References

www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742

www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2018-7847

prion1 talos1 nessus2 cvelist1 nvd1 talosblog1