medium
6.8
CWE
119
Advisory Published
Updated

CVE-2018-7851: Buffer Overflow

First published: Wed May 22 2019(Updated: )

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

Credit: cybersecurity@se.com

Affected SoftwareAffected VersionHow to fix
Schneider Electric Modicon M580 Firmware<2.50
Schneider Electric BMEH582040 Firmware
Schneider Electric BMEH582040C
Schneider Electric BMEH584040
Schneider Electric BMEH584040C
Schneider Electric BMEH586040
schneider-electric bmeh586040c
Schneider Electric Modicon M580 BMEP581020
schneider-electric Modicon M580 BMEP581020H firmware
Modicon M580
Modicon M580
schneider-electric Modicon M580
schneider-electric Modicon M580
Schneider Electric Modicon M580 BMEP582040S
Schneider Electric Modicon M580 BMEP583020
Schneider Electric Modicon M580 BMEP583040
Schneider Electric Modicon M580 BMEP584020 Firmware
Schneider Electric Modicon M580 BMEP584040 Firmware
Schneider Electric Modicon M580 BMEP584040S Firmware
schneider-electric Modicon M580 BMEP585040C Firmware
schneider-electric Modicon M580 BMEP585040C Firmware
schneider-electric modicon m580 bmep586040 firmware
schneider-electric Modicon M580 bmep586040c firmware
Schneider Electric Modicon M340 Firmware<3.01
Schneider Electric BMXP341000 Firmware
Schneider Electric BMXP341000H Firmware
Schneider Electric BMXP342000 Firmware
Schneider Electric BMXP3420102 Firmware
Schneider Electric BMXP3420102CL
schneider-electric BMXP342020H firmware
schneider-electric BMXP342020H firmware
Schneider Electric BMXP3420302H firmware
Schneider Electric BMXP3420302CL Firmware
Schneider Electric BMXP3420302H firmware
Schneider Electric BMX/E CRA Firmware<2.40
Schneider Electric BMXCRA31200
Schneider Electric BMxCRA31210C
Schneider Electric Modicon Premium
Schneider Electric Modicon Premium
Schneider Electric 140CRA312xxx Firmware
Schneider Electric Modicon 140CRA312xxx
All of
Schneider Electric Modicon M580 Firmware<2.50
Any of
Schneider Electric BMEH582040 Firmware
Schneider Electric BMEH582040C
Schneider Electric BMEH584040
Schneider Electric BMEH584040C
Schneider Electric BMEH586040
schneider-electric bmeh586040c
Schneider Electric Modicon M580 BMEP581020
schneider-electric Modicon M580 BMEP581020H firmware
Modicon M580
Modicon M580
schneider-electric Modicon M580
schneider-electric Modicon M580
Schneider Electric Modicon M580 BMEP582040S
Schneider Electric Modicon M580 BMEP583020
Schneider Electric Modicon M580 BMEP583040
Schneider Electric Modicon M580 BMEP584020 Firmware
Schneider Electric Modicon M580 BMEP584040 Firmware
Schneider Electric Modicon M580 BMEP584040S Firmware
schneider-electric Modicon M580 BMEP585040C Firmware
schneider-electric Modicon M580 BMEP585040C Firmware
schneider-electric modicon m580 bmep586040 firmware
schneider-electric Modicon M580 bmep586040c firmware
All of
Schneider Electric Modicon M340 Firmware<3.01
Any of
Schneider Electric Modicon M340 BMXP341000
Schneider Electric Modicon M340 BMXP341000H
Schneider Electric Modicon M340 BMXP342000 Firmware
Schneider Electric Modicon M340 BMXP3420102
Schneider Electric Modicon M340 BMXP3420102CL Firmware
Schneider Electric Modicon M340 BMXP342020
Schneider Electric Modicon M340 BMXP342020H
Schneider Electric Modicon M340 BMXP3420302 Firmware
Schneider Electric Modicon M340 BMXP3420302CL
Schneider Electric Modicon M340 BMXP3420302H Firmware
All of
Schneider Electric BMX/E CRA Firmware<2.40
Any of
Schneider Electric BMXCRA31200
Schneider Electric BMxCRA31210C
All of
Schneider Electric Modicon Premium
Schneider Electric Modicon Premium
All of
Schneider Electric 140CRA312xxx Firmware
Schneider Electric Modicon 140CRA312xxx

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2018-7851.

  • What is the severity of CVE-2018-7851?

    The severity of CVE-2018-7851 is medium with a CVSS score of 6.5.

  • Which software is affected by CVE-2018-7851?

    CVE-2018-7851 affects Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, and all firmware versions of Modicon Premium and 140CRA312xxx.

  • How can I fix CVE-2018-7851?

    To fix CVE-2018-7851, it is recommended to update the firmware of the affected devices to V2.50 or later for Modicon M580, V3.01 or later for Modicon M340, V2.40 or later for BMxCRA312xx, and the latest version available for Modicon Premium and 140CRA312xxx.

  • Where can I find more information about CVE-2018-7851?

    You can find more information about CVE-2018-7851 in the Schneider Electric Security Advisory SEVD-2019-134-10.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203