Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7838

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

Published

2019-07-15T21:15:10.477

Last Modified

2024-11-21T04:12:51.240

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	bmenoc0301_firmware	< 2.16	Yes
Hardware	schneider-electric	bmenoc0301	-	No
Operating System	schneider-electric	modicon_m580_bmep584040_firmware	< 2.90	Yes
Hardware	schneider-electric	bmeh584040	-	No
Hardware	schneider-electric	bmeh584040c	-	No
Hardware	schneider-electric	modicon_m580_bmep584040	-	No
Hardware	schneider-electric	modicon_m580_bmep584040s	-	No
Operating System	schneider-electric	modicon_m580_bmep586040_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep586040	-	No
Hardware	schneider-electric	modicon_m580_bmep586040c	-	No
Operating System	schneider-electric	bmeh586040_firmware	< 2.90	Yes
Hardware	schneider-electric	bmeh586040	-	No
Hardware	schneider-electric	bmeh586040c	-	No
Operating System	schneider-electric	modicon_m580_bmep581020_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep581020	-	No
Hardware	schneider-electric	modicon_m580_bmep581020h	-	No
Operating System	schneider-electric	modicon_m580_bmep582020_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep582020	-	No
Hardware	schneider-electric	modicon_m580_bmep582020h	-	No
Operating System	schneider-electric	modicon_m580_bmep582040_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep582040	-	No
Hardware	schneider-electric	modicon_m580_bmep582040h	-	No
Operating System	schneider-electric	modicon_m580_bmep583020_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep583020	-	No
Operating System	schneider-electric	modicon_m580_bmep583040_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep583040	-	No
Operating System	schneider-electric	modicon_m580_bmep584020_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep584020	-	No
Operating System	schneider-electric	modicon_m580_bmep585040_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep585040	-	No
Hardware	schneider-electric	modicon_m580_bmep585040c	-	No
Operating System	schneider-electric	modicon_m580_bmep582040s_firmware	< 2.90	Yes
Hardware	schneider-electric	modicon_m580_bmep582040s	-	No
Operating System	schneider-electric	bmeh582040_firmware	< 2.90	Yes
Hardware	schneider-electric	bmeh582040	-	No
Hardware	schneider-electric	bmeh582040c	-	No

References

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03 Vendor Advisory ([email protected])
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)