Sign-up

ID

VAR-201905-1033


CVE

CVE-2018-7851


TITLE

plural Modicon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015472

DESCRIPTION

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. plural Modicon The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon M340 is a medium-range PLC (Programmable Logic Controller) for industrial processes and infrastructure. A buffer overflow vulnerability exists in several Schneider Electric products that can be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Trust: 2.43

sources: NVD: CVE-2018-7851 // JVNDB: JVNDB-2018-015472 // CNVD: CNVD-2019-15197 // IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed // VULHUB: VHN-137883

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed // CNVD: CNVD-2019-15197

AFFECTED PRODUCTS

vendor:schneider electricmodel:m580scope:ltversion:2.50

Trust: 1.0

vendor:schneider electricmodel:modicon premiumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmx\/e crascope:ltversion:2.40

Trust: 1.0

vendor:schneider electricmodel:140cra312xxxscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:m340scope:ltversion:3.01

Trust: 1.0

vendor:schneider electricmodel:140cra312xxxscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxcra312xxscope:ltversion:2.40

Trust: 0.8

vendor:schneider electricmodel:modicon m340scope:ltversion:3.01

Trust: 0.8

vendor:schneider electricmodel:modicon m580scope:ltversion:2.50

Trust: 0.8

vendor:schneider electricmodel:modicon premium plcscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon premiumscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric 140cra312xxxscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon m580scope:ltversion:v2.50

Trust: 0.6

vendor:schneidermodel:electric bmxcra312xxscope:ltversion:v2.40

Trust: 0.6

vendor:schneidermodel:electric modicon m340scope:ltversion:v3.01

Trust: 0.6

vendor:m580model: - scope:eqversion:*

Trust: 0.2

vendor:m340model: - scope:eqversion:*

Trust: 0.2

vendor:bmx e cramodel: - scope:eqversion:*

Trust: 0.2

vendor:modicon premiummodel: - scope:eqversion:*

Trust: 0.2

vendor:140cra312xxxmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed // CNVD: CNVD-2019-15197 // JVNDB: JVNDB-2018-015472 // NVD: CVE-2018-7851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7851
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7851
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-15197
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-924
value: MEDIUM

Trust: 0.6

IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed
value: MEDIUM

Trust: 0.2

VULHUB: VHN-137883
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7851
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-15197
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137883
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7851
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7851
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed // CNVD: CNVD-2019-15197 // VULHUB: VHN-137883 // JVNDB: JVNDB-2018-015472 // CNNVD: CNNVD-201905-924 // NVD: CVE-2018-7851

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-137883 // JVNDB: JVNDB-2018-015472 // NVD: CVE-2018-7851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-924

TYPE

Buffer error

Trust: 0.8

sources: IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed // CNNVD: CNNVD-201905-924

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015472

PATCH
title:SEVD-2019-134-10url:https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/
Trust: 0.8
title:Patch for multiple Schneider Electric product buffer overflow vulnerabilities (CNVD-2019-15197)url:https://www.cnvd.org.cn/patchInfo/show/162069
Trust: 0.6
title:Multiple Schneider Electric Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92893
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-15197 // 
            
            
            
            JVNDB: JVNDB-2018-015472 // 
            
            
            
            CNNVD: CNNVD-201905-924

EXTERNAL IDS
db:NVDid:CVE-2018-7851
Trust: 3.3
db:SCHNEIDERid:SEVD-2019-134-10
Trust: 2.3
db:CNNVDid:CNNVD-201905-924
Trust: 0.9
db:CNVDid:CNVD-2019-15197
Trust: 0.8
db:JVNDBid:JVNDB-2018-015472
Trust: 0.8
db:IVDid:7F337D34-58C3-4E10-A083-C50E708AF9ED
Trust: 0.2
db:VULHUBid:VHN-137883
Trust: 0.1
sources:
            
            
            IVD: 7f337d34-58c3-4e10-a083-c50e708af9ed // 
            
            
            
            CNVD: CNVD-2019-15197 // 
            
            
            
            VULHUB: VHN-137883 // 
            
            
            
            JVNDB: JVNDB-2018-015472 // 
            
            
            
            CNNVD: CNNVD-201905-924 // 
            
            
            
            NVD: CVE-2018-7851

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-10/
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2018-7851
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7851
Trust: 0.8
url:https://web.nvd.nist.gov//vuln/detail/cve-2018-7851
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-15197 // 
            
            
            
            VULHUB: VHN-137883 // 
            
            
            
            JVNDB: JVNDB-2018-015472 // 
            
            
            
            CNNVD: CNNVD-201905-924 // 
            
            
            
            NVD: CVE-2018-7851

SOURCES
db:IVDid:7f337d34-58c3-4e10-a083-c50e708af9ed
db:CNVDid:CNVD-2019-15197
db:VULHUBid:VHN-137883
db:JVNDBid:JVNDB-2018-015472
db:CNNVDid:CNNVD-201905-924
db:NVDid:CVE-2018-7851

LAST UPDATE DATE
2024-11-23T21:37:17.620000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-15197date:2019-05-24T00:00:00
db:VULHUBid:VHN-137883date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-015472date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-924date:2019-05-24T00:00:00
db:NVDid:CVE-2018-7851date:2024-11-21T04:12:52.710

SOURCES RELEASE DATE
db:IVDid:7f337d34-58c3-4e10-a083-c50e708af9eddate:2019-05-24T00:00:00
db:CNVDid:CNVD-2019-15197date:2019-05-24T00:00:00
db:VULHUBid:VHN-137883date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2018-015472date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-924date:2019-05-22T00:00:00
db:NVDid:CVE-2018-7851date:2019-05-22T20:29:01.853