ID

VAR-202001-1484


CVE

CVE-2018-7794


TITLE

Vulnerability in checking exceptional conditions in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2018-016188

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. Multiple Modicon products contain an exceptional condition checking vulnerability that may result in a denial-of-service (DoS) state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2018-7794 // JVNDB: JVNDB-2018-016188 // CNVD: CNVD-2020-02579

IOT TAXONOMY

category: ['ICS', 'Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02579

AFFECTED PRODUCTS

vendor: schneider electric // model: tsxp573634m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp57554m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: 140cpu65150 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: tsxp57204m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp57454m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp57304m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp572634m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: 140cpu65260 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: 140cpu67160 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: tsxp57354m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: 140cpu67861 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: 140cpu67060 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: 140cpu67160s // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: tsxp576634m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxh5724m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp571634m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: modicon m340 // scope: lt // version: 3.01

Trust: 1.0

vendor: schneider electric // model: tsxp57104m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp574634m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: 140cpu65860 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: 140cpu67261 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: modicon m580 // scope: lt // version: 2.80

Trust: 1.0

vendor: schneider electric // model: tsxh5744m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: 140cpu65160s // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: tsxp57154m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: 140cpu65160 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: 140cpu67260 // scope: lt // version: 3.52

Trust: 1.0

vendor: schneider electric // model: tsxp57254m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: tsxp575634m // scope: lt // version: 3.20

Trust: 1.0

vendor: schneider electric // model: modicon m340 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon m580 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxh5724m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxh5744m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxp57354m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxp57454m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxp574634m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxp57554m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxp575634m // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: tsxp576634m // scope: - // version: -

Trust: 0.8

vendor: schneider // model: electric modicon m340 // scope: lt // version: 3.01

Trust: 0.6

vendor: schneider // model: electric modicon m580 // scope: lt // version: 2.80

Trust: 0.6

vendor: schneider // model: electric modicon premium // scope: lt // version: 3.20

Trust: 0.6

vendor: schneider // model: electric modicon quantum // scope: lt // version: 3.52

Trust: 0.6

sources: CNVD: CNVD-2020-02579 // JVNDB: JVNDB-2018-016188 // NVD: CVE-2018-7794

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-7794
value: HIGH

Trust: 1.0

NVD: CVE-2018-7794
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02579
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-833
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-7794
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02579
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2018-7794
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7794
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02579 // JVNDB: JVNDB-2018-016188 // CNNVD: CNNVD-201912-833 // NVD: CVE-2018-7794

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.8

sources: JVNDB: JVNDB-2018-016188 // NVD: CVE-2018-7794

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-833

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-833

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016188

PATCH

title: SEVD-2019-344-01 // url: https://www.se.com/ww/en/download/document/SEVD-2019-344-01/

Trust: 0.8

title: Patch for Multiple Schneider Electric Product Code Issue Vulnerabilities (CNVD-2020-02579) // url: https://www.cnvd.org.cn/patchInfo/show/197261

Trust: 0.6

title: Multiple Schneider Electric Product code issue vulnerability fixes // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108231

Trust: 0.6

sources: CNVD: CNVD-2020-02579 // JVNDB: JVNDB-2018-016188 // CNNVD: CNNVD-201912-833

EXTERNAL IDS

db: NVD // id: CVE-2018-7794

Trust: 3.0

db: SCHNEIDER // id: SEVD-2019-344-01

Trust: 1.6

db: JVNDB // id: JVNDB-2018-016188

Trust: 0.8

db: CNVD // id: CNVD-2020-02579

Trust: 0.6

db: AUSCERT // id: ESB-2020.0189

Trust: 0.6

db: ICS CERT // id: ICSA-20-016-01

Trust: 0.6

db: CNNVD // id: CNNVD-201912-833

Trust: 0.6

sources: CNVD: CNVD-2020-02579 // JVNDB: JVNDB-2018-016188 // CNNVD: CNNVD-201912-833 // NVD: CVE-2018-7794

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-7794

Trust: 2.0

url:https://www.se.com/ww/en/download/document/sevd-2019-344-01

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7794

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18615

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0189/

Trust: 0.6

url:https://www.se.com/ww/en/download/document/sevd-2019-344-01/

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-016-01

Trust: 0.6

sources: CNVD: CNVD-2020-02579 // JVNDB: JVNDB-2018-016188 // CNNVD: CNNVD-201912-833 // NVD: CVE-2018-7794

CREDITS

Younes Dragoni (Nozomi Networks)

Trust: 0.6

sources: CNNVD: CNNVD-201912-833

SOURCES

db: CNVD // id: CNVD-2020-02579
db: JVNDB // id: JVNDB-2018-016188
db: CNNVD // id: CNNVD-201912-833
db: NVD // id: CVE-2018-7794

LAST UPDATE DATE

2024-11-23T21:36:14.598000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2020-02579 // date: 2020-01-17T00:00:00
db: JVNDB // id: JVNDB-2018-016188 // date: 2020-01-27T00:00:00
db: CNNVD // id: CNNVD-201912-833 // date: 2022-03-10T00:00:00
db: NVD // id: CVE-2018-7794 // date: 2024-11-21T04:12:44.850

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2020-02579 // date: 2020-01-16T00:00:00
db: JVNDB // id: JVNDB-2018-016188 // date: 2020-01-27T00:00:00
db: CNNVD // id: CNNVD-201912-833 // date: 2019-12-10T00:00:00
db: NVD // id: CVE-2018-7794 // date: 2020-01-06T23:15:10.893