CVE-2018-7852

HIGH

Modicon - DoS

Title source: llm

Description

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

Exploits (1)

nomisec WORKING POC
by yanissec · poc
https://github.com/yanissec/CVE-2018-7852

References (2)

Scores

CVSS v3 7.5
EPSS 0.1292
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-755
Status published

Affected Products (4)

schneider-electric/modicon_m580_firmware
schneider-electric/modicon_m340_firmware
schneider-electric/modicon_quantum_firmware
schneider-electric/modicon_premium_firmware

Timeline

Published May 22, 2019
Tracked Since Feb 18, 2026