Uncaught Exception in Schneider Electric products - CVE-2018-7843
Published: October 3, 2019
Vulnerability identifier: #VU21496
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2018-7843
CWE-ID: CWE-248
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to uncaught exception vulnerability when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. A remote attacker can cause a denial of service condition.
The vulnerability exists due to uncaught exception vulnerability when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. A remote attacker can cause a denial of service condition.
How to mitigate CVE-2018-7843
Install updates from vendor's website.