Multiple vulnerabilities in Schneider Electric Modicon Controllers
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-7856 CVE-2018-7843 |
| CWE-ID | CWE-248 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Modicon Quantum Hardware solutions / Firmware Modicon Premium Hardware solutions / Firmware Modicon M340 Hardware solutions / Firmware Modicon M580 Hardware solutions / Firmware |
| Vendor | Schneider Electric |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Uncaught Exception
EUVDB-ID: #VU21490
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-7856
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to uncaught exception vulnerability when writing invalid memory blocks to the controller over Modbus. A remote attacker can cause a denial of service condition.
Install updates from vendor's website.
Vulnerable software versionsModicon Quantum: All versions
Modicon Premium: All versions
Modicon M340: before 3.10
Modicon M580: 1.04 - 2.41
CPE2.3- cpe:2.3:h:schneider_electric:modicon_quantum:*:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_premium:*:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m340:*:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m580:1.04:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m580:1.13:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m580:2.01:*:*:*:*:*:*:*
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Uncaught Exception
EUVDB-ID: #VU21496
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-7843
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to uncaught exception vulnerability when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. A remote attacker can cause a denial of service condition.
Install updates from vendor's website.
Vulnerable software versionsModicon Quantum: All versions
Modicon Premium: All versions
Modicon M340: before 3.10
Modicon M580: 1.04 - 2.41
CPE2.3- cpe:2.3:h:schneider_electric:modicon_quantum:*:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_premium:*:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m340:*:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m580:1.04:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m580:1.13:*:*:*:*:*:*:*
- cpe:2.3:h:schneider_electric:modicon_m580:2.01:*:*:*:*:*:*:*
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
