CVE-2018-7838 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2018-7838?

CVE-2018-7838 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-7838?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Bmenoc0301 Firmware, Schneider-Electric Bmenoc0301, Schneider-Electric Modicon M580 Bmep584040 Firmware, Schneider-Electric Bmeh584040, Schneider-Electric Bmeh584040C.

Vulnerability Description

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Bmenoc0301 Firmware	< 2.16
Schneider-Electric	Bmenoc0301	-
Schneider-Electric	Modicon M580 Bmep584040 Firmware	< 2.90
Schneider-Electric	Bmeh584040	-
Schneider-Electric	Bmeh584040C	-
Schneider-Electric	Modicon M580 Bmep584040	-
Schneider-Electric	Modicon M580 Bmep584040S	-
Schneider-Electric	Modicon M580 Bmep586040 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep586040	-
Schneider-Electric	Modicon M580 Bmep586040C	-
Schneider-Electric	Bmeh586040 Firmware	< 2.90
Schneider-Electric	Bmeh586040	-
Schneider-Electric	Bmeh586040C	-
Schneider-Electric	Modicon M580 Bmep581020 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep581020	-
Schneider-Electric	Modicon M580 Bmep581020H	-
Schneider-Electric	Modicon M580 Bmep582020 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep582020	-
Schneider-Electric	Modicon M580 Bmep582020H	-
Schneider-Electric	Modicon M580 Bmep582040 Firmware	< 2.90

Related Weaknesses (CWE)

CWE-119

References

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03Vendor Advisory
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03Vendor Advisory

FAQ

What is CVE-2018-7838?

CVE-2018-7838 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of...

How severe is CVE-2018-7838?

CVE-2018-7838 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7838?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Bmenoc0301 Firmware, Schneider-Electric Bmenoc0301, Schneider-Electric Modicon M580 Bmep584040 Firmware, Schneider-Electric Bmeh584040, Schneider-Electric Bmeh584040C.