CVE-2018-7240
HIGHSchneider Electric Modicon Quantum - Out-of-bounds Write via FTP Firmware Upgrade
Title source: llmDescription
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103541
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
Scores
CVSS v3
8.8
EPSS
0.0041
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (13)
schneider-electric/140cpu31110_firmware
schneider-electric/140cpu31110c_firmware
schneider-electric/140cpu43412u_firmware
schneider-electric/140cpu43412uc_firmware
schneider-electric/140cpu65150_firmware
schneider-electric/140cpu65150c_firmware
schneider-electric/140cpu65160_firmware
schneider-electric/140cpu65160c_firmware
schneider-electric/140cpu65160s_firmware
schneider-electric/140cpu65260_firmware
... and 3 more
Published
Apr 18, 2018
Tracked Since
Feb 18, 2026