Sign-up

ID

VAR-201905-1047


CVE

CVE-2018-7844


TITLE

plural Modicon Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015469

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions

Trust: 2.52

sources: NVD: CVE-2018-7844 // JVNDB: JVNDB-2018-015469 // CNVD: CNVD-2019-15330 // IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6 // VULHUB: VHN-137876 // VULMON: CVE-2018-7844

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6 // CNVD: CNVD-2019-15330

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon quantumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m580scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon premiumscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon m580scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon premium plcscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon quantum plcscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon m580scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon m340scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon quantumscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon premiumscope: - version: -

Trust: 0.6

vendor:modicon premiummodel: - scope:eqversion:*

Trust: 0.2

vendor:modicon quantummodel: - scope:eqversion:*

Trust: 0.2

vendor:modicon m340model: - scope:eqversion:*

Trust: 0.2

vendor:modicon m580model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6 // CNVD: CNVD-2019-15330 // JVNDB: JVNDB-2018-015469 // NVD: CVE-2018-7844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7844
value: HIGH

Trust: 1.0

NVD: CVE-2018-7844
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15330
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-936
value: HIGH

Trust: 0.6

IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6
value: HIGH

Trust: 0.2

VULHUB: VHN-137876
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-7844
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7844
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-15330
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7844
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7844
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6 // CNVD: CNVD-2019-15330 // VULHUB: VHN-137876 // VULMON: CVE-2018-7844 // JVNDB: JVNDB-2018-015469 // CNNVD: CNNVD-201905-936 // NVD: CVE-2018-7844

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-137876 // JVNDB: JVNDB-2018-015469 // NVD: CVE-2018-7844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-936

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-936

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015469

PATCH
title:SEVD-2019-134-11url:https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Trust: 0.8
title: - url:https://github.com/yanissec/CVE-2018-7844 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-7844 // 
            
            
            
            JVNDB: JVNDB-2018-015469

EXTERNAL IDS
db:NVDid:CVE-2018-7844
Trust: 3.4
db:SCHNEIDERid:SEVD-2019-134-11
Trust: 2.4
db:TALOSid:TALOS-2018-0739
Trust: 1.8
db:CNVDid:CNVD-2019-15330
Trust: 0.8
db:CNNVDid:CNNVD-201905-936
Trust: 0.8
db:JVNDBid:JVNDB-2018-015469
Trust: 0.8
db:IVDid:0F067671-D435-462B-A7C3-ACB4BEBF34B6
Trust: 0.2
db:VULHUBid:VHN-137876
Trust: 0.1
db:VULMONid:CVE-2018-7844
Trust: 0.1
sources:
            
            
            IVD: 0f067671-d435-462b-a7c3-acb4bebf34b6 // 
            
            
            
            CNVD: CNVD-2019-15330 // 
            
            
            
            VULHUB: VHN-137876 // 
            
            
            
            VULMON: CVE-2018-7844 // 
            
            
            
            JVNDB: JVNDB-2018-015469 // 
            
            
            
            CNNVD: CNNVD-201905-936 // 
            
            
            
            NVD: CVE-2018-7844

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/
Trust: 2.4
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0739
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7844
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7844
Trust: 0.8
url:https://web.nvd.nist.gov//vuln/detail/cve-2018-7844
Trust: 0.6
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0739
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://github.com/yanissec/cve-2018-7844
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-15330 // 
            
            
            
            VULHUB: VHN-137876 // 
            
            
            
            VULMON: CVE-2018-7844 // 
            
            
            
            JVNDB: JVNDB-2018-015469 // 
            
            
            
            CNNVD: CNNVD-201905-936 // 
            
            
            
            NVD: CVE-2018-7844

CREDITS
Discovered by Jared Rittle of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-936

SOURCES
db:IVDid:0f067671-d435-462b-a7c3-acb4bebf34b6
db:CNVDid:CNVD-2019-15330
db:VULHUBid:VHN-137876
db:VULMONid:CVE-2018-7844
db:JVNDBid:JVNDB-2018-015469
db:CNNVDid:CNNVD-201905-936
db:NVDid:CVE-2018-7844

LAST UPDATE DATE
2024-11-23T21:52:16.431000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-15330date:2019-05-24T00:00:00
db:VULHUBid:VHN-137876date:2019-06-10T00:00:00
db:VULMONid:CVE-2018-7844date:2022-02-03T00:00:00
db:JVNDBid:JVNDB-2018-015469date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-936date:2022-03-10T00:00:00
db:NVDid:CVE-2018-7844date:2024-11-21T04:12:51.913

SOURCES RELEASE DATE
db:IVDid:0f067671-d435-462b-a7c3-acb4bebf34b6date:2019-05-24T00:00:00
db:CNVDid:CNVD-2019-15330date:2019-05-24T00:00:00
db:VULHUBid:VHN-137876date:2019-05-22T00:00:00
db:VULMONid:CVE-2018-7844date:2019-05-22T00:00:00
db:JVNDBid:JVNDB-2018-015469date:2019-06-07T00:00:00
db:CNNVDid:CNNVD-201905-936date:2019-05-22T00:00:00
db:NVDid:CVE-2018-7844date:2019-05-22T21:29:00.323