Vulnerability CVE-2018-7847
Published: 2019-05-22

Description:
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

Type:

CWE-284

 (Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Schneider-electric -> Modicon m340 firmware 
Schneider-electric -> Modicon m580 firmware 
Schneider-electric -> Modicon premium firmware 
Schneider-electric -> Modicon quantum firmware 

 References:
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743
Copyright 2024, cxsecurity.com

 

Back to Top