Vulnerabilities > CVE-2018-7794 - Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-754

NVD

Published: 2020-01-06

Updated: 2022-02-03

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M580 Firmware - Schneider Electric Modicon M580 Firmware 2.10 Schneider Electric Modicon M580 Firmware 2.12 Schneider Electric Modicon M580 Firmware 2.30 Schneider Electric Modicon M580 Firmware 2.41 Schneider Electric Modicon M340 Firmware - Schneider Electric Tsxh5744M Firmware - Schneider Electric Tsxh5724M Firmware - Schneider Electric Tsxp576634M Firmware - Schneider Electric Tsxp57554M Firmware - Schneider Electric Tsxp575634M Firmware - Schneider Electric Tsxp57454M Firmware - Schneider Electric Tsxp574634M Firmware - Schneider Electric Tsxp57354M Firmware - Schneider Electric Tsxp573634M Firmware - Schneider Electric Tsxp57304M Firmware - Schneider Electric Tsxp57254M Firmware - Schneider Electric Tsxp572634M Firmware - Schneider Electric Tsxp57204M Firmware - Schneider Electric Tsxp571634M Firmware - Schneider Electric Tsxp57154M Firmware - Schneider Electric Tsxp57104M Firmware - Schneider Electric 140Cpu65150 Firmware - Schneider Electric 140Cpu65160 Firmware - Schneider Electric 140Cpu65260 Firmware - Schneider Electric 140Cpu67261 Firmware * Schneider Electric 140Cpu67060 Firmware * Schneider Electric 140Cpu67160 Firmware * Schneider Electric 140Cpu67260 Firmware * Schneider Electric 140Cpu65860 Firmware - Schneider Electric 140Cpu67861 Firmware * Schneider Electric 140Cpu65160S Firmware - Schneider Electric 140Cpu67160S Firmware *	33
Hardware	Schneider-Electric Schneider Electric Modicon M580 - Schneider Electric Modicon M340 - Schneider Electric Tsxh5744M - Schneider Electric Tsxh5724M - Schneider Electric Tsxp576634M - Schneider Electric Tsxp57554M - Schneider Electric Tsxp575634M - Schneider Electric Tsxp57454M - Schneider Electric Tsxp574634M - Schneider Electric Tsxp57354M - Schneider Electric Tsxp573634M - Schneider Electric Tsxp57304M - Schneider Electric Tsxp57254M - Schneider Electric Tsxp572634M - Schneider Electric Tsxp57204M - Schneider Electric Tsxp571634M - Schneider Electric Tsxp57154M - Schneider Electric Tsxp57104M - Schneider Electric 140Cpu65150 - Schneider Electric 140Cpu65160 - Schneider Electric 140Cpu65260 - Schneider Electric 140Cpu67261 - Schneider Electric 140Cpu67060 - Schneider Electric 140Cpu67160 - Schneider Electric 140Cpu67260 - Schneider Electric 140Cpu65860 - Schneider Electric 140Cpu67861 - Schneider Electric 140Cpu65160S - Schneider Electric 140Cpu67160S -	29

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://www.se.com/ww/en/download/document/SEVD-2019-344-01