CVE-2018-7838

Published Jul 15, 2019
Last updated 3 years ago
CVSS high 7.5
Overview

Description: A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.
Source: cybersecurity@se.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses

nvd@nist.gov: CWE-119
cybersecurity@se.com: CWE-119
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmenoc0301_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB75A465-BACD-417F-9E87-5EBDBEF6DE91",
            "versionEndExcluding": "2.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmenoc0301:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE6DE336-F696-4C92-9244-315C154F2CE5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97C706A8-BF41-4003-9A34-E7C5FCF3956F",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7793E88-6E59-43E5-B313-A21D40B63B47",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmeh586040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90CB4BA4-B2B2-441C-A08F-EAB82A0E53DD",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "054142F8-E6AF-48A5-8548-194651EB16FB",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F93A877E-BB42-4530-AE81-5C0D727B8A26",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B41AE173-2394-4508-A7DD-3166B6C0EBA0",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDB6829A-AE69-4DDC-B705-A94C8C7ADDA6",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8762598D-F015-498D-B478-C0CA8ABCB11C",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA851AB-E6AD-4D84-AA3C-071E351C699F",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07A33F89-F53A-4DA0-8D21-2F7315A7E5E7",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FCDF8B2-687C-436E-BAF9-654D94409FC7",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmeh582040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4166AE7D-36E9-4F72-868E-DC10DC071E99",
            "versionEndExcluding": "2.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
