Trust boundary violation in Schneider Electric products - CVE-2018-7846
Published: October 3, 2019
Vulnerability identifier: #VU21498
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2018-7846
CWE-ID:
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the target system.
The vulnerability exists on connection to the Controller due to the affected product mixes trusted and untrusted data in the same data structure or structured message. A remote attacker can conduct a brute force attack on Modbus protocol to the controller and gain unauthorized access to the target system.
How to mitigate CVE-2018-7846
Install updates from vendor's website.