CVE-2018-7854

HIGH

Modicon M580, M340, Quantum, and Premium - Denial of Service via Invalid Modbus Debug Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7854. PoCs published by yanissec.

AI-analyzed exploit summary This PoC exploits a DoS vulnerability in Schneider Electric Modicon PLCs by sending malformed packets to crash the device. It reserves the PLC and sends a crafted packet to trigger the vulnerability.

Description

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

Exploits (1)

nomisec WORKING POC
by yanissec · poc
https://github.com/yanissec/CVE-2018-7854

This PoC exploits a DoS vulnerability in Schneider Electric Modicon PLCs by sending malformed packets to crash the device. It reserves the PLC and sends a crafted packet to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Schneider Electric Modicon M580 < 2.90, Modicon M340 < 3.10
No auth needed
Prerequisites: Network access to the target PLC · Modbus port (502) open and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765

Scores

CVSS v3 7.5
EPSS 0.0230
EPSS Percentile 81.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-754
Status published
Products (4)
schneider-electric/modicon_m340_firmware < 3.10
schneider-electric/modicon_m580_firmware < 2.90
schneider-electric/modicon_premium_firmware
schneider-electric/modicon_quantum_firmware
Published May 22, 2019
Tracked Since Feb 18, 2026