Sign-up

ID

VAR-201905-1031


CVE

CVE-2018-7849


TITLE

plural Modicon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015476

DESCRIPTION

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

Trust: 2.52

sources: NVD: CVE-2018-7849 // JVNDB: JVNDB-2018-015476 // CNVD: CNVD-2019-34827 // IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf // VULHUB: VHN-137881 // VULMON: CVE-2018-7849

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf // CNVD: CNVD-2019-34827

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon premiumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon quantumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m580scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon m580scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon premium plcscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon quantum plcscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon m340scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon m580scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon premiumscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon quantumscope: - version: -

Trust: 0.6

vendor:modicon m580model: - scope:eqversion:*

Trust: 0.2

vendor:modicon m340model: - scope:eqversion:*

Trust: 0.2

vendor:modicon quantummodel: - scope:eqversion:*

Trust: 0.2

vendor:modicon premiummodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf // CNVD: CNVD-2019-34827 // JVNDB: JVNDB-2018-015476 // NVD: CVE-2018-7849

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7849
value: HIGH

Trust: 1.0

NVD: CVE-2018-7849
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-34827
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-922
value: HIGH

Trust: 0.6

IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf
value: HIGH

Trust: 0.2

VULHUB: VHN-137881
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-7849
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7849
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-34827
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137881
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7849
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7849
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf // CNVD: CNVD-2019-34827 // VULHUB: VHN-137881 // VULMON: CVE-2018-7849 // JVNDB: JVNDB-2018-015476 // CNNVD: CNNVD-201905-922 // NVD: CVE-2018-7849

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-137881 // JVNDB: JVNDB-2018-015476 // NVD: CVE-2018-7849

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-922

TYPE

Input validation error

Trust: 0.8

sources: IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf // CNNVD: CNNVD-201905-922

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015476

PATCH
title:SEVD-2019-134-11url:https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Trust: 0.8
title: - url:https://github.com/yanissec/CVE-2018-7849 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-7849 // 
            
            
            
            JVNDB: JVNDB-2018-015476

EXTERNAL IDS
db:NVDid:CVE-2018-7849
Trust: 3.4
db:SCHNEIDERid:SEVD-2019-134-11
Trust: 1.8
db:TALOSid:TALOS-2018-0737
Trust: 1.8
db:CNNVDid:CNNVD-201905-922
Trust: 0.9
db:CNVDid:CNVD-2019-34827
Trust: 0.8
db:JVNDBid:JVNDB-2018-015476
Trust: 0.8
db:IVDid:B64FC880-1ACF-4FF9-B621-6D507DD1FEDF
Trust: 0.2
db:VULHUBid:VHN-137881
Trust: 0.1
db:VULMONid:CVE-2018-7849
Trust: 0.1
sources:
            
            
            IVD: b64fc880-1acf-4ff9-b621-6d507dd1fedf // 
            
            
            
            CNVD: CNVD-2019-34827 // 
            
            
            
            VULHUB: VHN-137881 // 
            
            
            
            VULMON: CVE-2018-7849 // 
            
            
            
            JVNDB: JVNDB-2018-015476 // 
            
            
            
            CNNVD: CNNVD-201905-922 // 
            
            
            
            NVD: CVE-2018-7849

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-7849
Trust: 2.0
url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/
Trust: 1.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0737
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7849
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0737
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/755.html
Trust: 0.1
url:https://github.com/yanissec/cve-2018-7849
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-34827 // 
            
            
            
            VULHUB: VHN-137881 // 
            
            
            
            VULMON: CVE-2018-7849 // 
            
            
            
            JVNDB: JVNDB-2018-015476 // 
            
            
            
            CNNVD: CNNVD-201905-922 // 
            
            
            
            NVD: CVE-2018-7849

CREDITS
Discovered by Jared Rittle of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-922

SOURCES
db:IVDid:b64fc880-1acf-4ff9-b621-6d507dd1fedf
db:CNVDid:CNVD-2019-34827
db:VULHUBid:VHN-137881
db:VULMONid:CVE-2018-7849
db:JVNDBid:JVNDB-2018-015476
db:CNNVDid:CNNVD-201905-922
db:NVDid:CVE-2018-7849

LAST UPDATE DATE
2024-11-23T21:52:12.424000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-34827date:2019-10-12T00:00:00
db:VULHUBid:VHN-137881date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-7849date:2022-02-03T00:00:00
db:JVNDBid:JVNDB-2018-015476date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-922date:2022-03-10T00:00:00
db:NVDid:CVE-2018-7849date:2024-11-21T04:12:52.480

SOURCES RELEASE DATE
db:IVDid:b64fc880-1acf-4ff9-b621-6d507dd1fedfdate:2019-10-12T00:00:00
db:CNVDid:CNVD-2019-34827date:2019-10-11T00:00:00
db:VULHUBid:VHN-137881date:2019-05-22T00:00:00
db:VULMONid:CVE-2018-7849date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2018-015476date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-922date:2019-05-22T00:00:00
db:NVDid:CVE-2018-7849date:2019-05-22T20:29:01.777