CVE-2018-7844

HIGH

Modicon M580, M340, Quantum, and Premium Firmware - SNMP Information Exposure via Modbus Memory Block Read

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7844. PoCs published by yanissec.

AI-analyzed exploit summary This PoC exploits CVE-2018-7844, an information leak vulnerability in Schneider Electric Modicon PLCs, by reading memory blocks via crafted Modbus TCP requests. It dumps memory contents to a file for further analysis.

Description

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.

Exploits (1)

nomisec WORKING POC

by yanissec · poc

https://github.com/yanissec/CVE-2018-7844

View Code ZIP pw:eip

This PoC exploits CVE-2018-7844, an information leak vulnerability in Schneider Electric Modicon PLCs, by reading memory blocks via crafted Modbus TCP requests. It dumps memory contents to a file for further analysis.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Schneider Electric Modicon M580/M340/Premium/Quantum (all versions)

No auth needed

Prerequisites: Network access to Modbus TCP port (default 502) · Vulnerable Schneider Electric Modicon PLC

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1040 - Network Sniffing

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mitigation, Vendor Advisory x_refsource_misc

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Exploit, Third Party Advisory x_refsource_misc

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739

Scores

CVSS v3 7.5

EPSS 0.0328

EPSS Percentile 86.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (4)

schneider-electric/modicon_m340_firmware

schneider-electric/modicon_m580_firmware

schneider-electric/modicon_premium_firmware

schneider-electric/modicon_quantum_firmware

Published May 22, 2019

Tracked Since Feb 18, 2026