CVE-2018-7851

Published May 22, 2019
Last updated 7 months ago
CVSS medium 6.5
Overview

Description: CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.
Source: cybersecurity@se.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:C
Weaknesses

nvd@nist.gov: CWE-119
cybersecurity@se.com: CWE-119
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:m580_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B538C424-0F99-4D98-AB1F-CFE9D07DA37B",
            "versionEndExcluding": "2.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:m340_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8ED6BE5-14D0-4B3C-B00D-5274D9233247",
            "versionEndExcluding": "3.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmx\\/e_cra_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB34942D-0DBD-43CB-847A-C5349EB9A92A",
            "versionEndExcluding": "2.40"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxcra31200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "887930A9-2577-4E69-AB81-0C8582A13F34"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmxcra31210c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "46150F0B-D3A6-44C4-94A1-448D1B4294EB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:140cra312xxx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCE700BF-EEFD-4349-9B33-432281EA23BE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:140cra312xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8CC7AABD-9260-4F6C-A6C9-AE738263F90A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
