ID

VAR-201905-1034


CVE

CVE-2018-7852


TITLE

Input validation vulnerability in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015473

DESCRIPTION

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. Multiple Modicon products contain an input validation vulnerability. A service interruption (DoS) condition is possible. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions).

Trust: 2.52

sources: NVD: CVE-2018-7852 // JVNDB: JVNDB-2018-015473 // CNVD: CNVD-2019-15198 // IVD: 1f25f725-8d90-42d9-88a6-46032a995985 // VULHUB: VHN-137884 // VULMON: CVE-2018-7852

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 1f25f725-8d90-42d9-88a6-46032a995985 // CNVD: CNVD-2019-15198

AFFECTED PRODUCTS

vendor: schneider electric // model: modicon premium // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: modicon quantum // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: modicon m580 // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: modicon m340 // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: modicon m340 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon m580 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon premium plc // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon quantum plc // scope: - // version: -

Trust: 0.8

vendor: schneider // model: electric modicon m340 // scope: - // version: -

Trust: 0.6

vendor: schneider // model: electric modicon premium // scope: - // version: -

Trust: 0.6

vendor: schneider // model: electric modicon quantum // scope: - // version: -

Trust: 0.6

vendor: schneider // model: electric modicon m580 // scope: - // version: -

Trust: 0.6

vendor: modicon m580 // model: - // scope: eq // version: *

Trust: 0.2

vendor: modicon m340 // model: - // scope: eq // version: *

Trust: 0.2

vendor: modicon quantum // model: - // scope: eq // version: *

Trust: 0.2

vendor: modicon premium // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 1f25f725-8d90-42d9-88a6-46032a995985 // CNVD: CNVD-2019-15198 // JVNDB: JVNDB-2018-015473 // NVD: CVE-2018-7852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7852
value: HIGH

Trust: 1.0

NVD: CVE-2018-7852
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15198
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-925
value: HIGH

Trust: 0.6

IVD: 1f25f725-8d90-42d9-88a6-46032a995985
value: HIGH

Trust: 0.2

VULHUB: VHN-137884
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-7852
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-15198
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1f25f725-8d90-42d9-88a6-46032a995985
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137884
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7852
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7852
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 1f25f725-8d90-42d9-88a6-46032a995985 // CNVD: CNVD-2019-15198 // VULHUB: VHN-137884 // VULMON: CVE-2018-7852 // JVNDB: JVNDB-2018-015473 // CNNVD: CNNVD-201905-925 // NVD: CVE-2018-7852

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-137884 // JVNDB: JVNDB-2018-015473 // NVD: CVE-2018-7852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-925

TYPE

Input validation error

Trust: 0.8

sources: IVD: 1f25f725-8d90-42d9-88a6-46032a995985 // CNNVD: CNNVD-201905-925

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015473

PATCH

title: SEVD-2019-134-11 // url: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Trust: 0.8

title: - // url: https://github.com/yanissec/CVE-2018-7852

Trust: 0.1

sources: VULMON: CVE-2018-7852 // JVNDB: JVNDB-2018-015473

EXTERNAL IDS

db: NVD // id: CVE-2018-7852

Trust: 3.4

db: SCHNEIDER // id: SEVD-2019-134-11

Trust: 2.4

db: TALOS // id: TALOS-2019-0763

Trust: 1.8

db: CNNVD // id: CNNVD-201905-925

Trust: 0.9

db: CNVD // id: CNVD-2019-15198

Trust: 0.8

db: JVNDB // id: JVNDB-2018-015473

Trust: 0.8

db: IVD // id: 1F25F725-8D90-42D9-88A6-46032A995985

Trust: 0.2

db: VULHUB // id: VHN-137884

Trust: 0.1

db: VULMON // id: CVE-2018-7852

Trust: 0.1

sources: IVD: 1f25f725-8d90-42d9-88a6-46032a995985 // CNVD: CNVD-2019-15198 // VULHUB: VHN-137884 // VULMON: CVE-2018-7852 // JVNDB: JVNDB-2018-015473 // CNNVD: CNNVD-201905-925 // NVD: CVE-2018-7852

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/

Trust: 2.4

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0763

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7852

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7852

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2018-7852

Trust: 0.6

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0763

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://github.com/yanissec/cve-2018-7852

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-15198 // VULHUB: VHN-137884 // VULMON: CVE-2018-7852 // JVNDB: JVNDB-2018-015473 // CNNVD: CNNVD-201905-925 // NVD: CVE-2018-7852

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201905-925

SOURCES

db: IVD // id: 1f25f725-8d90-42d9-88a6-46032a995985
db: CNVD // id: CNVD-2019-15198
db: VULHUB // id: VHN-137884
db: VULMON // id: CVE-2018-7852
db: JVNDB // id: JVNDB-2018-015473
db: CNNVD // id: CNNVD-201905-925
db: NVD // id: CVE-2018-7852

LAST UPDATE DATE

2024-11-23T21:52:12.922000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2019-15198 // date: 2019-05-24T00:00:00
db: VULHUB // id: VHN-137884 // date: 2020-08-24T00:00:00
db: VULMON // id: CVE-2018-7852 // date: 2022-02-03T00:00:00
db: JVNDB // id: JVNDB-2018-015473 // date: 2019-06-07T00:00:00
db: CNNVD // id: CNNVD-201905-925 // date: 2022-03-10T00:00:00
db: NVD // id: CVE-2018-7852 // date: 2024-11-21T04:12:52.833

SOURCES RELEASE DATE

db: IVD // id: 1f25f725-8d90-42d9-88a6-46032a995985 // date: 2019-05-24T00:00:00
db: CNVD // id: CNVD-2019-15198 // date: 2019-05-24T00:00:00
db: VULHUB // id: VHN-137884 // date: 2019-05-22T00:00:00
db: VULMON // id: CVE-2018-7852 // date: 2019-05-22T00:00:00
db: JVNDB // id: JVNDB-2018-015473 // date: 2019-06-07T00:00:00
db: CNNVD // id: CNNVD-201905-925 // date: 2019-05-22T00:00:00
db: NVD // id: CVE-2018-7852 // date: 2019-05-22T20:29:01.900