#VU21491 Uncaught Exception in Schneider Electric products - CVE-2018-7857
Published: October 2, 2019
Vulnerability identifier: #VU21491
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-7857
CWE-ID: CWE-248
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to uncaught exception vulnerability when writing out of bounds variables to the controller over Modbus. A remote attacker can cause a denial of service condition.
Note: A partial fix is available for this vulnerability on Modicon M580 firmware V2.80 and Modicon M340 firmware V3.01
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.