Denial of Service Vulnerability in Modicon Controllers by Schneider Electric
CVE-2018-7855

7.5HIGH

Key Information:

Vendor
Schneider Electric
Status
Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
Vendor
CVE Published:
22 May 2019

Summary

An uncaught exception vulnerability exists in all versions of Schneider Electric's Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium controllers. This vulnerability could allow an attacker to induce a Denial of Service condition by sending malformed breakpoint parameters to the device over the Modbus protocol. The lack of proper error handling may lead to interruptions in service, affecting the operational reliability of the affected controllers.

Affected Version(s)

Modicon M580 Modicon M340 Modicon Quantum Modicon Premium Modicon M580 Modicon M340 Modicon Quantum Modicon Premium

References

https://www.schneider-electric.com/en/download/document/S...
x_refsource_MISC
https://www.talosintelligence.com/vulnerability_reports/T...
x_refsource_MISC
https://www.talosintelligence.com/vulnerability_reports/T...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.