Vulnerabilities > CVE-2018-7849 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
schneider-electric
CWE-755

Summary

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.

Talos

idTALOS-2018-0737
last seen2019-06-11
published2019-06-10
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737
titleSchneider Electric Modicon M580 UMAS strategy transfer denial-of-service vulnerability