CVE-2018-7845

A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*

History

03 Feb 2022, 14:06

Type Values Removed Values Added
References (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745 - (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745 - Exploit, Third Party Advisory
CPE cpe:2.3:h:se:modicon_m340:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*

31 Jan 2022, 19:45

Type Values Removed Values Added
CPE cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:* cpe:2.3:h:se:modicon_m340:-:*:*:*:*:*:*:*

Information

Published : 2019-05-22 20:29

Updated : 2024-02-04 20:20


NVD link : CVE-2018-7845

Mitre link : CVE-2018-7845

CVE.ORG link : CVE-2018-7845


JSON object : View

Products Affected

schneider-electric

  • modicon_quantum_firmware
  • modicon_m580
  • modicon_m340_firmware
  • modicon_quantum
  • modicon_m340
  • modicon_premium_firmware
  • modicon_premium
  • modicon_m580_firmware
CWE
CWE-125

Out-of-bounds Read