Sign-up

ID

VAR-201905-1030


CVE

CVE-2018-7848


TITLE

plural Modicon Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015475

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. An attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

Trust: 2.52

sources: NVD: CVE-2018-7848 // JVNDB: JVNDB-2018-015475 // CNVD: CNVD-2019-34828 // IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64 // VULHUB: VHN-137880 // VULMON: CVE-2018-7848

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64 // CNVD: CNVD-2019-34828

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon m580scope:ltversion:2.90

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope:ltversion:3.10

Trust: 1.0

vendor:schneider electricmodel:modicon quantumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon premiumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon m580scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon premium plcscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon quantum plcscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon m340scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon m580scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon premiumscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon quantumscope: - version: -

Trust: 0.6

vendor:modicon m580model: - scope:eqversion:*

Trust: 0.2

vendor:modicon m340model: - scope:eqversion:*

Trust: 0.2

vendor:modicon quantummodel: - scope:eqversion:*

Trust: 0.2

vendor:modicon premiummodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64 // CNVD: CNVD-2019-34828 // JVNDB: JVNDB-2018-015475 // NVD: CVE-2018-7848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7848
value: HIGH

Trust: 1.0

NVD: CVE-2018-7848
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-34828
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-921
value: HIGH

Trust: 0.6

IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64
value: HIGH

Trust: 0.2

VULHUB: VHN-137880
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-7848
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7848
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-34828
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137880
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7848
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7848
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64 // CNVD: CNVD-2019-34828 // VULHUB: VHN-137880 // VULMON: CVE-2018-7848 // JVNDB: JVNDB-2018-015475 // CNNVD: CNNVD-201905-921 // NVD: CVE-2018-7848

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-137880 // JVNDB: JVNDB-2018-015475 // NVD: CVE-2018-7848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-921

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-921

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015475

PATCH
title:SEVD-2019-134-11url:https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Trust: 0.8
title: - url:https://github.com/yanissec/CVE-2018-7848 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-7848 // 
            
            
            
            JVNDB: JVNDB-2018-015475

EXTERNAL IDS
db:NVDid:CVE-2018-7848
Trust: 3.4
db:SCHNEIDERid:SEVD-2019-134-11
Trust: 1.8
db:TALOSid:TALOS-2018-0740
Trust: 1.8
db:CNNVDid:CNNVD-201905-921
Trust: 0.9
db:CNVDid:CNVD-2019-34828
Trust: 0.8
db:JVNDBid:JVNDB-2018-015475
Trust: 0.8
db:IVDid:AC1F1B0E-3CE8-4FC5-A3FD-16AF90549C64
Trust: 0.2
db:VULHUBid:VHN-137880
Trust: 0.1
db:VULMONid:CVE-2018-7848
Trust: 0.1
sources:
            
            
            IVD: ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64 // 
            
            
            
            CNVD: CNVD-2019-34828 // 
            
            
            
            VULHUB: VHN-137880 // 
            
            
            
            VULMON: CVE-2018-7848 // 
            
            
            
            JVNDB: JVNDB-2018-015475 // 
            
            
            
            CNNVD: CNNVD-201905-921 // 
            
            
            
            NVD: CVE-2018-7848

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-7848
Trust: 2.0
url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/
Trust: 1.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0740
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7848
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0740
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://github.com/yanissec/cve-2018-7848
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-34828 // 
            
            
            
            VULHUB: VHN-137880 // 
            
            
            
            VULMON: CVE-2018-7848 // 
            
            
            
            JVNDB: JVNDB-2018-015475 // 
            
            
            
            CNNVD: CNNVD-201905-921 // 
            
            
            
            NVD: CVE-2018-7848

CREDITS
Discovered by Jared Rittle of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-921

SOURCES
db:IVDid:ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64
db:CNVDid:CNVD-2019-34828
db:VULHUBid:VHN-137880
db:VULMONid:CVE-2018-7848
db:JVNDBid:JVNDB-2018-015475
db:CNNVDid:CNNVD-201905-921
db:NVDid:CVE-2018-7848

LAST UPDATE DATE
2024-11-23T21:52:12.740000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-34828date:2019-10-12T00:00:00
db:VULHUBid:VHN-137880date:2019-06-10T00:00:00
db:VULMONid:CVE-2018-7848date:2022-02-03T00:00:00
db:JVNDBid:JVNDB-2018-015475date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-921date:2022-03-10T00:00:00
db:NVDid:CVE-2018-7848date:2024-11-21T04:12:52.373

SOURCES RELEASE DATE
db:IVDid:ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64date:2019-10-12T00:00:00
db:CNVDid:CNVD-2019-34828date:2019-10-11T00:00:00
db:VULHUBid:VHN-137880date:2019-05-22T00:00:00
db:VULMONid:CVE-2018-7848date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2018-015475date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-921date:2019-05-22T00:00:00
db:NVDid:CVE-2018-7848date:2019-05-22T20:29:01.747