CVE-2018-7845

HIGH

Modicon M580, M340, Quantum, and Premium Firmware - Out-of-bounds Read via Modbus Memory Block Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7845. PoCs published by yanissec.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in Schneider Electric Modicon PLCs by sending maliciously crafted packets to trigger a denial-of-service condition. The script iterates through memory offsets to identify vulnerable blocks, potentially causing the PLC to crash.

Description

A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.

Exploits (1)

nomisec WORKING POC 1 stars

by yanissec · poc

https://github.com/yanissec/CVE-2018-7845

View Code ZIP pw:eip

This PoC exploits a memory corruption vulnerability in Schneider Electric Modicon PLCs by sending maliciously crafted packets to trigger a denial-of-service condition. The script iterates through memory offsets to identify vulnerable blocks, potentially causing the PLC to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Schneider Electric Modicon M580, M340, Premium, Quantum (versions < 2.80, 3.01, 3.20, 3.60 respectively)

No auth needed

Prerequisites: Network access to the target PLC · Modbus/TCP port (default 502) accessible

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Exploit, Third Party Advisory x_refsource_misc

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745

Scores

CVSS v3 7.5

EPSS 0.0341

EPSS Percentile 87.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (4)

schneider-electric/modicon_m340_firmware

schneider-electric/modicon_m580_firmware

schneider-electric/modicon_premium_firmware

schneider-electric/modicon_quantum_firmware

Published May 22, 2019

Tracked Since Feb 18, 2026