CVE-2018-7851

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/	Vendor Advisory
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:m580_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:bmeh582040:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh582040c:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh584040:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh584040c:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh586040:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh586040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:m340_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:bmx\/e_cra_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:bmxcra31200:-:::::::*
	cpe:2.3:h:schneider-electric:bmxcra31210c:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:140cra312xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cra312xxx:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:12

Type	Values Removed	Values Added
References	~~() https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/ - Vendor Advisory~~	() https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/ - Vendor Advisory

10 Apr 2024, 12:28

Type	Values Removed	Values Added
CPE	cpe:2.3:h:schneider-electric:bmxp342020h:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:bmxp342000:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420102:-:::::::* cpe:2.3:h:schneider-electric:bmxp341000:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420102cl:-:::::::* cpe:2.3:h:schneider-electric:bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302h:-:::::::* cpe:2.3:h:schneider-electric:bmxp341000h:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302:-:::::::*	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:::::::*
First Time		Schneider-electric modicon M340 Bmxp341000h Schneider-electric modicon M340 Bmxp342000 Schneider-electric modicon M340 Bmxp3420302cl Schneider-electric modicon M340 Bmxp342020 Schneider-electric modicon M340 Bmxp341000 Schneider-electric modicon M340 Bmxp3420102cl Schneider-electric modicon M340 Bmxp3420102 Schneider-electric modicon M340 Bmxp3420302h Schneider-electric modicon M340 Bmxp3420302 Schneider-electric modicon M340 Bmxp342020h

18 Aug 2021, 22:42

Type	Values Removed	Values Added
CPE	cpe:2.3:h:schneider-electric:bmep581020h:-:::::::* cpe:2.3:h:schneider-electric:bmep582040:-:::::::* cpe:2.3:h:schneider-electric:bmep584040:-:::::::* cpe:2.3:h:schneider-electric:bmep582020:-:::::::* cpe:2.3:h:schneider-electric:bmep586040c:-:::::::* cpe:2.3:h:schneider-electric:bmep582020h:-:::::::* cpe:2.3:h:schneider-electric:bmep584040s:-:::::::* cpe:2.3:h:schneider-electric:bmep585040:-:::::::* cpe:2.3:h:schneider-electric:bmep581020:-:::::::* cpe:2.3:h:schneider-electric:bmep586040:-:::::::* cpe:2.3:h:schneider-electric:bmep583020:-:::::::* cpe:2.3:h:schneider-electric:bmep585040c:-:::::::* cpe:2.3:h:schneider-electric:bmep582040s:-:::::::* cpe:2.3:h:schneider-electric:bmep584020:-:::::::* cpe:2.3:h:schneider-electric:bmep582040h:-:::::::* cpe:2.3:h:schneider-electric:bmep583040:-:::::::*	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:::::::* cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:::::::*

Information

Published : 2019-05-22 20:29

Updated : 2024-11-21 04:12

NVD link : CVE-2018-7851

Mitre link : CVE-2018-7851

CVE.ORG link : CVE-2018-7851

JSON object : View

Products Affected

schneider-electric

modicon_m580_bmep582020h
modicon_m340_bmxp342020h
140cra312xxx
modicon_m340_bmxp342020
modicon_m340_bmxp341000
modicon_premium
bmeh584040c
bmeh584040
modicon_m580_bmep583020
bmeh586040
bmeh582040
modicon_m340_bmxp3420302
modicon_premium_firmware
modicon_m340_bmxp3420302h
modicon_m340_bmxp3420302cl
modicon_m340_bmxp3420102cl
m340_firmware
modicon_m340_bmxp3420102
modicon_m580_bmep585040c
140cra312xxx_firmware
modicon_m580_bmep584040
m580_firmware
modicon_m340_bmxp342000
bmxcra31200
bmeh586040c
bmeh582040c
modicon_m580_bmep582040
modicon_m580_bmep584020
modicon_m580_bmep586040c
modicon_m580_bmep583040
modicon_m580_bmep582040h
modicon_m580_bmep581020h
modicon_m580_bmep585040
modicon_m580_bmep586040
modicon_m580_bmep581020
modicon_m340_bmxp341000h
modicon_m580_bmep582020
modicon_m580_bmep582040s
bmx\/e_cra_firmware
modicon_m580_bmep584040s
bmxcra31210c

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2018-7851

6.5^/10

6.8^/10

Attach tags to `CVE-2018-7851`