Information Exposure in Schneider Electric Modicon Controllers
CVE-2018-7844

7.5HIGH

Key Information:

Vendor

Schneider Electric
Status
Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
Vendor
CVE Published:
22 May 2019

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 13%

What is CVE-2018-7844?

A vulnerability affecting Schneider Electric's Modicon product line, including the M580, M340, Quantum, and Premium models, allows unauthorized access to sensitive SNMP information. This occurs when memory blocks are read from the controller via Modbus, potentially exposing sensitive data that could aid attackers in further compromising the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Modicon M580 Modicon M340 Modicon Quantum Modicon Premium Modicon M580 Modicon M340 Modicon Quantum Modicon Premium

References

https://www.schneider-electric.com/en/download/document/S...
x_refsource_MISC
https://www.talosintelligence.com/vulnerability_reports/T...
x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.