CVE-2018-7853
First published: Wed May 22 2019(Updated: )
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon Premium Firmware | ||
| Schneider-electric Modicon Premium | ||
| Schneider-electric Modicon Quantum Firmware | ||
| Schneider-electric Modicon Quantum | ||
| Schneider-electric Modicon M340 Firmware | <3.10 | |
| Schneider-electric Modicon M340 | ||
| Schneider-electric Modicon M580 Firmware | <2.90 | |
| Schneider-electric Modicon M580 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7853?
CVE-2018-7853 is a vulnerability that affects all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium, which could cause a denial of service when reading invalid physical memory blocks in the controller over Modbus.
What is the severity of CVE-2018-7853?
CVE-2018-7853 has a severity rating of high with a value of 7.5.
How does CVE-2018-7853 affect Schneider-electric Modicon Premium Firmware?
Schneider-electric Modicon Premium Firmware is affected by CVE-2018-7853 and could be vulnerable to a denial of service when reading invalid physical memory blocks in the controller over Modbus.
How can I fix CVE-2018-7853?
To fix CVE-2018-7853, it is recommended to upgrade to a version of the Modicon M580, Modicon M340, Modicon Quantum, or Modicon Premium firmware that is not affected by the vulnerability.
Where can I find more information about CVE-2018-7853?
More information about CVE-2018-7853 can be found on the Schneider Electric website and Talos Intelligence's vulnerability report.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- vendor/schneider-electric
- canonical/schneider-electric modicon premium firmware
- canonical/schneider-electric modicon premium
- canonical/schneider-electric modicon quantum firmware
- canonical/schneider-electric modicon quantum
- canonical/schneider-electric modicon m340 firmware
- canonical/schneider-electric modicon m340
- canonical/schneider-electric modicon m580 firmware
- canonical/schneider-electric modicon m580