Vulnerabilities > CVE-2018-7857 - Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
schneider-electric
CWE-754
NVD
Published: 2019-05-22
Updated: 2022-02-03

Summary

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.

Vulnerable Configurations

Part Description Count
OS
Schneider-Electric
10
Hardware
Schneider-Electric
4

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0768
last seen2019-06-11
published2019-06-10
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768
titleSchneider Electric Modicon M580 UMAS write system coils and holding registers denial-of-service vulnerability

References