ID

VAR-201905-1032


CVE

CVE-2018-7850


TITLE

Vulnerability related to input validation in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015471

DESCRIPTION

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information to be displayed in Unity Pro software. Multiple Modicon products contain an input validation vulnerability. Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to display invalid information. The following products and versions are affected: Schneider Electric Modicon M580 (all versions), Modicon M340 (all versions), Modicon Quantum (all versions), Modicon Premium (all versions).

Trust: 2.43

sources: NVD: CVE-2018-7850 // JVNDB: JVNDB-2018-015471 // CNVD: CNVD-2019-34611 // IVD: 196b5312-6da9-464b-9c10-51d6fda55541 // VULHUB: VHN-137882

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 196b5312-6da9-464b-9c10-51d6fda55541 // CNVD: CNVD-2019-34611

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon premium, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon quantum, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m580, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m580, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon premium plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon quantum plc, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric modicon m340, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon m580, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon premium, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon quantum, scope: -, version: -

Trust: 0.6

vendor: modicon m580, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon m340, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon quantum, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon premium, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 196b5312-6da9-464b-9c10-51d6fda55541 // CNVD: CNVD-2019-34611 // JVNDB: JVNDB-2018-015471 // NVD: CVE-2018-7850

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7850
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7850
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-34611
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-923
value: MEDIUM

Trust: 0.6

IVD: 196b5312-6da9-464b-9c10-51d6fda55541
value: MEDIUM

Trust: 0.2

VULHUB: VHN-137882
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7850
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-34611
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 196b5312-6da9-464b-9c10-51d6fda55541
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137882
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7850
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-7850
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 196b5312-6da9-464b-9c10-51d6fda55541 // CNVD: CNVD-2019-34611 // VULHUB: VHN-137882 // JVNDB: JVNDB-2018-015471 // CNNVD: CNNVD-201905-923 // NVD: CVE-2018-7850

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-137882 // JVNDB: JVNDB-2018-015471 // NVD: CVE-2018-7850

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-923

TYPE

Input validation error

Trust: 0.8

sources: IVD: 196b5312-6da9-464b-9c10-51d6fda55541 // CNNVD: CNNVD-201905-923

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015471

PATCH

title: SEVD-2019-134-11, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015471

EXTERNAL IDS

db: NVD, id: CVE-2018-7850

Trust: 3.3

db: TALOS, id: TALOS-2018-0743

Trust: 1.7

db: SCHNEIDER, id: SEVD-2019-134-11

Trust: 1.7

db: CNNVD, id: CNNVD-201905-923

Trust: 0.9

db: CNVD, id: CNVD-2019-34611

Trust: 0.8

db: JVNDB, id: JVNDB-2018-015471

Trust: 0.8

db: IVD, id: 196B5312-6DA9-464B-9C10-51D6FDA55541

Trust: 0.2

db: VULHUB, id: VHN-137882

Trust: 0.1

sources: IVD: 196b5312-6da9-464b-9c10-51d6fda55541 // CNVD: CNVD-2019-34611 // VULHUB: VHN-137882 // JVNDB: JVNDB-2018-015471 // CNNVD: CNNVD-201905-923 // NVD: CVE-2018-7850

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-7850

Trust: 2.0

url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/

Trust: 1.7

url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0743

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7850

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2018-0743

Trust: 0.6

sources: CNVD: CNVD-2019-34611 // VULHUB: VHN-137882 // JVNDB: JVNDB-2018-015471 // CNNVD: CNNVD-201905-923 // NVD: CVE-2018-7850

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201905-923

SOURCES

db: IVD, id: 196b5312-6da9-464b-9c10-51d6fda55541
db: CNVD, id: CNVD-2019-34611
db: VULHUB, id: VHN-137882
db: JVNDB, id: JVNDB-2018-015471
db: CNNVD, id: CNNVD-201905-923
db: NVD, id: CVE-2018-7850

LAST UPDATE DATE

2024-11-23T21:52:12.525000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-34611, date: 2019-10-11T00:00:00
db: VULHUB, id: VHN-137882, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-015471, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-923, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2018-7850, date: 2024-11-21T04:12:52.597

SOURCES RELEASE DATE

db: IVD, id: 196b5312-6da9-464b-9c10-51d6fda55541, date: 2019-10-11T00:00:00
db: CNVD, id: CNVD-2019-34611, date: 2019-10-11T00:00:00
db: VULHUB, id: VHN-137882, date: 2019-05-22T00:00:00
db: JVNDB, id: JVNDB-2018-015471, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-923, date: 2019-05-22T00:00:00
db: NVD, id: CVE-2018-7850, date: 2019-05-22T20:29:01.823