Lucene search

SchneiderCVE-2018-7856

HistoryMay 22, 2019 - 9:29 p.m.

CVE-2018-7856

2019-05-2221:29:00

CWE-754

schneider

web.nvd.nist.gov

cve-2018-7856

cwe-248

uncaught exception

modicon m580

modicon m340

modicon quantum

modicon premium

denial of service

modbus

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.0%

JSON

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

Affected configurations

Nvd

Node

schneider-electricmodicon_premium_firmwareMatch-

AND

schneider-electricmodicon_premiumMatch-

Node

schneider-electricmodicon_quantum_firmwareMatch-

AND

schneider-electricmodicon_quantumMatch-

Node

schneider-electricmodicon_m340_firmwareRange<3.10

AND

schneider-electricmodicon_m340Match-

Node

schneider-electricmodicon_m580_firmwareRange<2.90

AND

schneider-electricmodicon_m580Match-

VendorProductVersionCPE
schneider-electricmodicon_premium_firmware-cpe:2.3:o:schneider-electric:modicon_premium_firmware:-:*:*:*:*:*:*:*
schneider-electricmodicon_premium-cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*
schneider-electricmodicon_quantum_firmware-cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-:*:*:*:*:*:*:*
schneider-electricmodicon_quantum-cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_firmware*cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340-cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*
schneider-electricmodicon_m580_firmware*cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m580-cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_premium_firmware	-	cpe:2.3:o:schneider-electric:modicon_premium_firmware:-:::::::*
schneider-electric	modicon_premium	-	cpe:2.3:h:schneider-electric:modicon_premium:-:::::::*
schneider-electric	modicon_quantum_firmware	-	cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-:::::::*
schneider-electric	modicon_quantum	-	cpe:2.3:h:schneider-electric:modicon_quantum:-:::::::*
schneider-electric	modicon_m340_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_firmware::::::::
schneider-electric	modicon_m340	-	cpe:2.3:h:schneider-electric:modicon_m340:-:::::::*
schneider-electric	modicon_m580_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_firmware::::::::
schneider-electric	modicon_m580	-	cpe:2.3:h:schneider-electric:modicon_m580:-:::::::*

CNA Affected

[
  {
    "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium"
      }
    ]
  }
]

References

www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.0%

JSON

Related for CVE-2018-7856