Vulnerability Description
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | < 2.90 |
| Schneider-Electric | Modicon M580 | - |
| Schneider-Electric | Modicon M340 Firmware | < 3.10 |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Quantum Firmware | All versions |
| Schneider-Electric | Modicon Quantum | - |
| Schneider-Electric | Modicon Premium Firmware | All versions |
| Schneider-Electric | Modicon Premium | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740ExploitThird Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740ExploitThird Party Advisory
FAQ
What is CVE-2018-7848?
CVE-2018-7848 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when r...
How severe is CVE-2018-7848?
CVE-2018-7848 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7848?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Quantum Firmware.