Vulnerabilities > CVE-2018-7846 - Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-668

critical

NVD

Published: 2019-05-22

Updated: 2022-02-03

Summary

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M580 Firmware * Schneider Electric Modicon M340 Firmware * Schneider Electric Modicon Quantum Firmware * Schneider Electric Modicon Premium Firmware *	4
Hardware	Schneider-Electric Schneider Electric Modicon M580 - Schneider Electric Modicon M340 - Schneider Electric Modicon Quantum - Schneider Electric Modicon Premium -	4

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Talos

id	TALOS-2018-0735
last seen	2019-06-10
published	2019-06-10
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735
title	Schneider Electric Modicon M580 UMAS release reservation denial-of-service vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Talos

References