CVE-2018-7851 — MEDIUM (6.5)

Q: How severe is CVE-2018-7851?

CVE-2018-7851 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-7851?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric M580 Firmware, Schneider-Electric Bmeh582040, Schneider-Electric Bmeh582040C, Schneider-Electric Bmeh584040, Schneider-Electric Bmeh584040C.

Vulnerability Description

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	M580 Firmware	< 2.50
Schneider-Electric	Bmeh582040	-
Schneider-Electric	Bmeh582040C	-
Schneider-Electric	Bmeh584040	-
Schneider-Electric	Bmeh584040C	-
Schneider-Electric	Bmeh586040	-
Schneider-Electric	Bmeh586040C	-
Schneider-Electric	Modicon M580 Bmep581020	-
Schneider-Electric	Modicon M580 Bmep581020H	-
Schneider-Electric	Modicon M580 Bmep582020	-
Schneider-Electric	Modicon M580 Bmep582020H	-
Schneider-Electric	Modicon M580 Bmep582040	-
Schneider-Electric	Modicon M580 Bmep582040H	-
Schneider-Electric	Modicon M580 Bmep582040S	-
Schneider-Electric	Modicon M580 Bmep583020	-
Schneider-Electric	Modicon M580 Bmep583040	-
Schneider-Electric	Modicon M580 Bmep584020	-
Schneider-Electric	Modicon M580 Bmep584040	-
Schneider-Electric	Modicon M580 Bmep584040S	-
Schneider-Electric	Modicon M580 Bmep585040	-

Related Weaknesses (CWE)

CWE-119

References

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/Vendor Advisory
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/Vendor Advisory

FAQ

What is CVE-2018-7851?

CVE-2018-7851 is a vulnerability with a CVSS score of 6.5 (MEDIUM). CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of ...

How severe is CVE-2018-7851?

CVE-2018-7851 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7851?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric M580 Firmware, Schneider-Electric Bmeh582040, Schneider-Electric Bmeh582040C, Schneider-Electric Bmeh584040, Schneider-Electric Bmeh584040C.