CVE-2018-7851

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-05-2019 10:29

Last modified: - 19-04-2022 05:35

Total changes: - 4

Description

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

6.5

Base score

2.8

3.6

Exploitability score

Impact score

Verification logic

AND

vendor=schneider-electric AND product=m580_firmware AND versionEndExcluding=2.50

vendor=schneider-electric AND product=modicon_m580_bmep582040 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep582040h AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep583020 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep583040 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep584040s AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep581020 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep582020 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep585040 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep582040s AND version=-

vendor=schneider-electric AND product=bmeh584040 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep586040c AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep586040 AND version=-

vendor=schneider-electric AND product=bmeh586040 AND version=-

vendor=schneider-electric AND product=bmeh586040c AND version=-

vendor=schneider-electric AND product=bmeh582040 AND version=-

vendor=schneider-electric AND product=bmeh582040c AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep584040 AND version=-

vendor=schneider-electric AND product=bmeh584040c AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep581020h AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep582020h AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep584020 AND version=-

vendor=schneider-electric AND product=modicon_m580_bmep585040c AND version=-

AND

vendor=schneider-electric AND product=m340_firmware AND versionEndExcluding=3.01

vendor=schneider-electric AND product=bmxp3420302cl AND version=-

vendor=schneider-electric AND product=bmxp3420302h AND version=-

vendor=schneider-electric AND product=bmxp342020 AND version=-

vendor=schneider-electric AND product=bmxp342020h AND version=-

vendor=schneider-electric AND product=bmxp342000 AND version=-

vendor=schneider-electric AND product=bmxp3420102cl AND version=-

vendor=schneider-electric AND product=bmxp341000 AND version=-

vendor=schneider-electric AND product=bmxp3420102 AND version=-

vendor=schneider-electric AND product=bmxp3420302 AND version=-

vendor=schneider-electric AND product=bmxp341000h AND version=-

AND

vendor=schneider-electric AND product=bmx\/e_cra_firmware AND versionEndExcluding=2.40

vendor=schneider-electric AND product=bmxcra31200 AND version=-

vendor=schneider-electric AND product=bmxcra31210c AND version=-

AND

vendor=schneider-electric AND product=modicon_premium_firmware

vendor=schneider-electric AND product=modicon_premium AND version=-

AND

vendor=schneider-electric AND product=140cra312xxx_firmware

vendor=schneider-electric AND product=140cra312xxx AND version=-

Reference

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/

Keywords

CVE-2018-7851

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2018-7851

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures