CVE-2018-7846

CRITICAL

Modicon M580, M340, Quantum and Premium Firmware - Unauthorized Access via Modbus Brute Force Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7846. PoCs published by yanissec.

AI-analyzed exploit summary: This PoC exploits CVE-2018-7846, a vulnerability in Schneider Electric Modicon PLCs, by brute-forcing session keys to release PLC reservations. It sends crafted packets to bypass authentication and disrupt PLC operations.

Description

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

Exploits (1)

nomisec WORKING POC
by yanissec · poc
https://github.com/yanissec/CVE-2018-7846

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Schneider Electric Modicon M580, M340, Premium, Quantum (various versions)
No auth needed
Prerequisites: Network access to the target PLC · Modbus/TCP port (default 502) accessible
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735

Scores

CVSS v3: 9.8
EPSS: 0.2958
EPSS Percentile: 97.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-668
Status: published
Products (4):
schneider-electric/modicon_m340_firmware
schneider-electric/modicon_m580_firmware
schneider-electric/modicon_premium_firmware
schneider-electric/modicon_quantum_firmware
Published: May 22, 2019
Tracked Since: Feb 18, 2026