CVE-2018-7853
HIGHModicon M580 < 2.90, M340 < 3.10, Quantum, and Premium - Denial of Service via Invalid Physical Memory Block Read
Title source: llmDescription
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
60.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-754
Status
published
Products (4)
schneider-electric/modicon_m340_firmware
< 3.10
schneider-electric/modicon_m580_firmware
< 2.90
schneider-electric/modicon_premium_firmware
schneider-electric/modicon_quantum_firmware
Published
May 22, 2019
Tracked Since
Feb 18, 2026