CVE-2018-7240
N/A
N/A
Summary
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric SE | Modicon Quantum | All versions of Modicon Quantum communication modules | affected |
Weaknesses
- Arbritrary Code Execution
ADP Enrichment
CVE Program Container
Additional References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
- http://www.securityfocus.com/bid/103541
- https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
- http://www.securityfocus.com/bid/103541
- https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.