CVE-2018-7849

HIGH

Modicon - DoS

Title source: llm

Description

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.

Exploits (1)

nomisec WORKING POC 1 stars
by yanissec · poc
https://github.com/yanissec/CVE-2018-7849

References (2)

Scores

CVSS v3 7.5
EPSS 0.1292
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-755
Status published

Affected Products (4)

schneider-electric/modicon_m580_firmware
schneider-electric/modicon_m340_firmware
schneider-electric/modicon_quantum_firmware
schneider-electric/modicon_premium_firmware

Timeline

Published May 22, 2019
Tracked Since Feb 18, 2026