Vulnerability Description
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | All versions |
| Schneider-Electric | Modicon M580 | - |
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Quantum Firmware | All versions |
| Schneider-Electric | Modicon Quantum | - |
| Schneider-Electric | Modicon Premium Firmware | All versions |
| Schneider-Electric | Modicon Premium | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738ExploitThird Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738ExploitThird Party Advisory
FAQ
What is CVE-2018-7843?
CVE-2018-7843 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory block...
How severe is CVE-2018-7843?
CVE-2018-7843 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7843?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Quantum Firmware.