Vulnerability CVE-2018-7240


Published: 2018-04-18   Modified: 2018-04-19

Description:
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

Type:

CWE-787

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Schneider-electric -> 140cpu31110 firmware 
Schneider-electric -> 140cpu31110c firmware 
Schneider-electric -> 140cpu43412u firmware 
Schneider-electric -> 140cpu43412uc firmware 
Schneider-electric -> 140cpu65150 firmware 
Schneider-electric -> 140cpu65150c firmware 
Schneider-electric -> 140cpu65160 firmware 
Schneider-electric -> 140cpu65160c firmware 
Schneider-electric -> 140cpu65160s firmware 
Schneider-electric -> 140cpu65260 firmware 
Schneider-electric -> 140cpu65260c firmware 
Schneider-electric -> 140cpu65860 firmware 
Schneider-electric -> 140cpu65860c firmware 

 References:
http://www.securityfocus.com/bid/103541
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

Copyright 2022, cxsecurity.com

 

Back to Top