Vulnerability Description
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | 140Cpu65150 Firmware | - |
| Schneider-Electric | 140Cpu65150 | - |
| Schneider-Electric | 140Cpu31110 Firmware | - |
| Schneider-Electric | 140Cpu31110 | - |
| Schneider-Electric | 140Cpu43412U Firmware | - |
| Schneider-Electric | 140Cpu43412U | - |
| Schneider-Electric | 140Cpu65160 Firmware | - |
| Schneider-Electric | 140Cpu65160 | - |
| Schneider-Electric | 140Cpu65260 Firmware | - |
| Schneider-Electric | 140Cpu65260 | - |
| Schneider-Electric | 140Cpu65860 Firmware | - |
| Schneider-Electric | 140Cpu65860 | - |
| Schneider-Electric | 140Cpu65160S Firmware | - |
| Schneider-Electric | 140Cpu65160S | - |
| Schneider-Electric | 140Cpu65150C Firmware | - |
| Schneider-Electric | 140Cpu65150C | - |
| Schneider-Electric | 140Cpu31110C Firmware | - |
| Schneider-Electric | 140Cpu31110C | - |
| Schneider-Electric | 140Cpu43412Uc Firmware | - |
| Schneider-Electric | 140Cpu43412Uc | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103541 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (Third Party Advisory, US Government Resource)
- https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (Vendor Advisory)
FAQ
What is CVE-2018-7240?
CVE-2018-7240 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of t...
How severe is CVE-2018-7240?
CVE-2018-7240 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-7240?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric 140Cpu65150 Firmware, Schneider-Electric 140Cpu65150, Schneider-Electric 140Cpu31110 Firmware, Schneider-Electric 140Cpu31110, Schneider-Electric 140Cpu43412U Firmware.