CVE-2018-7240
First published: Wed Apr 18 2018(Updated: )
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric 140cpu65150 Firmware | ||
| Schneider-electric 140cpu65150 | ||
| Schneider-electric 140cpu31110 Firmware | ||
| Schneider-electric 140cpu31110 | ||
| Schneider-electric 140cpu43412u Firmware | ||
| Schneider-electric 140cpu43412u | ||
| Schneider-electric 140cpu65160 Firmware | ||
| Schneider-electric 140cpu65160 | ||
| Schneider-electric 140cpu65260 Firmware | ||
| Schneider-electric 140cpu65260 | ||
| Schneider-electric 140cpu65860 Firmware | ||
| Schneider-electric 140cpu65860 | ||
| Schneider-electric 140cpu65160s Firmware | ||
| Schneider-electric 140cpu65160s | ||
| Schneider-electric 140cpu65150c Firmware | ||
| Schneider-electric 140cpu65150c | ||
| Schneider-electric 140cpu31110c Firmware | ||
| Schneider-electric 140cpu31110c | ||
| Schneider-electric 140cpu43412uc Firmware | ||
| Schneider-electric 140cpu43412uc | ||
| Schneider-electric 140cpu65160c Firmware | ||
| Schneider-electric 140cpu65160c | ||
| Schneider-electric 140cpu65260c Firmware | ||
| Schneider-electric 140cpu65260c | ||
| Schneider-electric 140cpu65860c Firmware | ||
| Schneider-electric 140cpu65860c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7240?
CVE-2018-7240 is a vulnerability in Schneider Electric's Modicon Quantum communication modules that allows arbitrary code execution.
How severe is CVE-2018-7240?
CVE-2018-7240 has a severity score of 8.8 out of 10, indicating a high severity vulnerability.
Which software versions are affected by CVE-2018-7240?
CVE-2018-7240 affects all versions of Schneider Electric's Modicon Quantum communication modules.
How can CVE-2018-7240 be exploited?
CVE-2018-7240 can be exploited by misusing an FTP command used for firmware upgrade to cause a denial of service or load a malicious firmware.
Where can I find more information about CVE-2018-7240?
More information about CVE-2018-7240 can be found at the following references: http://www.securityfocus.com/bid/103541, https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01, and https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
- collector/nvd-index
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric 140cpu65150 firmware
- canonical/schneider-electric 140cpu65150
- canonical/schneider-electric 140cpu31110 firmware
- canonical/schneider-electric 140cpu31110
- canonical/schneider-electric 140cpu43412u firmware
- canonical/schneider-electric 140cpu43412u
- canonical/schneider-electric 140cpu65160 firmware
- canonical/schneider-electric 140cpu65160
- canonical/schneider-electric 140cpu65260 firmware
- canonical/schneider-electric 140cpu65260
- canonical/schneider-electric 140cpu65860 firmware
- canonical/schneider-electric 140cpu65860
- canonical/schneider-electric 140cpu65160s firmware
- canonical/schneider-electric 140cpu65160s
- canonical/schneider-electric 140cpu65150c firmware
- canonical/schneider-electric 140cpu65150c
- canonical/schneider-electric 140cpu31110c firmware
- canonical/schneider-electric 140cpu31110c
- canonical/schneider-electric 140cpu43412uc firmware
- canonical/schneider-electric 140cpu43412uc
- canonical/schneider-electric 140cpu65160c firmware
- canonical/schneider-electric 140cpu65160c
- canonical/schneider-electric 140cpu65260c firmware
- canonical/schneider-electric 140cpu65260c
- canonical/schneider-electric 140cpu65860c firmware
- canonical/schneider-electric 140cpu65860c