1. Home
  2. CVE Database
  3. CVE-2018-7842
CRITICAL · 9.8

CVE-2018-7842

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by...

Vulnerability Description

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricModicon M580 FirmwareAll versions
Schneider-ElectricModicon M580-
Schneider-ElectricModicon M340 FirmwareAll versions
Schneider-ElectricModicon M340-
Schneider-ElectricModicon Quantum FirmwareAll versions
Schneider-ElectricModicon Quantum-
Schneider-ElectricModicon Premium FirmwareAll versions
Schneider-ElectricModicon Premium-

Related Weaknesses (CWE)

CWE-290

References

FAQ

What is CVE-2018-7842?

CVE-2018-7842 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by...

How severe is CVE-2018-7842?

CVE-2018-7842 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-7842?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Quantum Firmware.