1. Home
  2. CVE Database
  3. CVE-2018-7846
CRITICAL · 9.8

CVE-2018-7846

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauth...

Vulnerability Description

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricModicon M580 FirmwareAll versions
Schneider-ElectricModicon M580-
Schneider-ElectricModicon M340 FirmwareAll versions
Schneider-ElectricModicon M340-
Schneider-ElectricModicon Quantum FirmwareAll versions
Schneider-ElectricModicon Quantum-
Schneider-ElectricModicon Premium FirmwareAll versions
Schneider-ElectricModicon Premium-

Related Weaknesses (CWE)

CWE-668

References

FAQ

What is CVE-2018-7846?

CVE-2018-7846 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauth...

How severe is CVE-2018-7846?

CVE-2018-7846 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-7846?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Quantum Firmware.