Sign-up

ID

VAR-201905-1035


CVE

CVE-2018-7853


TITLE

plural Modicon Vulnerability related to exceptional condition checking in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015463

DESCRIPTION

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service

Trust: 2.43

sources: NVD: CVE-2018-7853 // JVNDB: JVNDB-2018-015463 // CNVD: CNVD-2019-15891 // IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6 // VULHUB: VHN-137885

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6 // CNVD: CNVD-2019-15891

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon quantumscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon premiumscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope:ltversion:3.10

Trust: 1.0

vendor:schneider electricmodel:modicon m580scope:ltversion:2.90

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon m580scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon premium plcscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon quantum plcscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon m580scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon m340scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon quantumscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon premiumscope: - version: -

Trust: 0.6

vendor:modicon premiummodel: - scope:eqversion: -

Trust: 0.2

vendor:modicon quantummodel: - scope:eqversion: -

Trust: 0.2

vendor:modicon m340model: - scope:eqversion:*

Trust: 0.2

vendor:modicon m580model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6 // CNVD: CNVD-2019-15891 // JVNDB: JVNDB-2018-015463 // NVD: CVE-2018-7853

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7853
value: HIGH

Trust: 1.0

NVD: CVE-2018-7853
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15891
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-937
value: HIGH

Trust: 0.6

IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6
value: HIGH

Trust: 0.2

VULHUB: VHN-137885
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7853
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-15891
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137885
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7853
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7853
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6 // CNVD: CNVD-2019-15891 // VULHUB: VHN-137885 // JVNDB: JVNDB-2018-015463 // CNNVD: CNNVD-201905-937 // NVD: CVE-2018-7853

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.9

sources: VULHUB: VHN-137885 // JVNDB: JVNDB-2018-015463 // NVD: CVE-2018-7853

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-937

TYPE

Code problem

Trust: 0.8

sources: IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6 // CNNVD: CNNVD-201905-937

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015463

PATCH
title:SEVD-2019-134-11url:https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015463

EXTERNAL IDS
db:NVDid:CVE-2018-7853
Trust: 3.3
db:TALOSid:TALOS-2019-0764
Trust: 1.7
db:SCHNEIDERid:SEVD-2019-134-11
Trust: 1.7
db:CNVDid:CNVD-2019-15891
Trust: 0.8
db:CNNVDid:CNNVD-201905-937
Trust: 0.8
db:JVNDBid:JVNDB-2018-015463
Trust: 0.8
db:IVDid:2ECF2F86-D7F7-4872-83D6-A437FA3757C6
Trust: 0.2
db:VULHUBid:VHN-137885
Trust: 0.1
sources:
            
            
            IVD: 2ecf2f86-d7f7-4872-83d6-a437fa3757c6 // 
            
            
            
            CNVD: CNVD-2019-15891 // 
            
            
            
            VULHUB: VHN-137885 // 
            
            
            
            JVNDB: JVNDB-2018-015463 // 
            
            
            
            CNNVD: CNNVD-201905-937 // 
            
            
            
            NVD: CVE-2018-7853

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/
Trust: 1.7
url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0764
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-7853
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7853
Trust: 0.8
url:https://web.nvd.nist.gov//vuln/detail/cve-2018-7853
Trust: 0.6
url:https://talosintelligence.com/vulnerability_reports/talos-2019-0764
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-15891 // 
            
            
            
            VULHUB: VHN-137885 // 
            
            
            
            JVNDB: JVNDB-2018-015463 // 
            
            
            
            CNNVD: CNNVD-201905-937 // 
            
            
            
            NVD: CVE-2018-7853

CREDITS
Discovered by Jared Rittle of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-937

SOURCES
db:IVDid:2ecf2f86-d7f7-4872-83d6-a437fa3757c6
db:CNVDid:CNVD-2019-15891
db:VULHUBid:VHN-137885
db:JVNDBid:JVNDB-2018-015463
db:CNNVDid:CNNVD-201905-937
db:NVDid:CVE-2018-7853

LAST UPDATE DATE
2024-11-23T21:52:12.637000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-15891date:2019-05-30T00:00:00
db:VULHUBid:VHN-137885date:2019-06-10T00:00:00
db:JVNDBid:JVNDB-2018-015463date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-937date:2022-03-10T00:00:00
db:NVDid:CVE-2018-7853date:2024-11-21T04:12:52.947

SOURCES RELEASE DATE
db:IVDid:2ecf2f86-d7f7-4872-83d6-a437fa3757c6date:2019-05-30T00:00:00
db:CNVDid:CNVD-2019-15891date:2019-05-30T00:00:00
db:VULHUBid:VHN-137885date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2018-015463date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-937date:2019-05-22T00:00:00
db:NVDid:CVE-2018-7853date:2019-05-22T21:29:00.370