CVE-2018-7846

CRITICAL

Modicon - Trust Boundary Violation

Title source: llm

Description

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

Exploits (1)

nomisec WORKING POC

by yanissec · poc

https://github.com/yanissec/CVE-2018-7846

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

[Exploit, Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735

Scores

CVSS v3 9.8

EPSS 0.4332

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (4)

schneider-electric/modicon_m580_firmware

schneider-electric/modicon_m340_firmware

schneider-electric/modicon_quantum_firmware

schneider-electric/modicon_premium_firmware

Timeline

Published May 22, 2019

Tracked Since Feb 18, 2026