Vulnerability Description
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | All versions |
| Schneider-Electric | Modicon M580 | - |
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Quantum Firmware | All versions |
| Schneider-Electric | Modicon Quantum | - |
| Schneider-Electric | Modicon Premium Firmware | All versions |
| Schneider-Electric | Modicon Premium | - |
References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743Third Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743Third Party Advisory
FAQ
What is CVE-2018-7850?
CVE-2018-7850 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid in...
How severe is CVE-2018-7850?
CVE-2018-7850 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7850?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Quantum Firmware.