CVE-2018-7852
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | affected |
Weaknesses
- Multiple Vulnerabilities
ADP Enrichment
CVE Program Container
Additional References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.