Details of VAR-201804-1275

ID

VAR-201804-1275

CVE

CVE-2018-7240

TITLE

Schneider Electric Multiple Product Stack Buffer Overflow Vulnerabilities

Trust: 0.8

sources: IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // CNVD: CNVD-2018-06521

DESCRIPTION

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. Schneider Electric Modicon Quantum Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\Modicon Quantum\\Modicon M340\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A stack buffer overflow vulnerability exists in several Schneider Electric products due to the fact that the FTP server does not limit the length of command parameters, which can cause buffer overflows. A remote attacker can exploit this issue to cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed

Trust: 2.7

sources: NVD: CVE-2018-7240 // JVNDB: JVNDB-2018-004277 // CNVD: CNVD-2018-06521 // BID: 103541 // IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // VULHUB: VHN-137272

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // CNVD: CNVD-2018-06521

AFFECTED PRODUCTS

vendor:	schneider electric	model:	140cpu65860	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu31110c	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65160s	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65260	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu43412uc	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65150c	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65860c	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65260c	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65160c	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	140cpu65150	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	140cpu31110	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	140cpu65160	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	140cpu43412u	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon premium	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon quantum	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m340	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon rtu	scope:	eq	version:	x80	Trust: 0.6
vendor:	140cpu65160c	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	schneider electric	model:	modicon quantum	scope:	eq	version:	0	Trust: 0.3
vendor:	140cpu65150	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu43412uc	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65260c	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65860c	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu31110	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu43412u	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65160	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65260	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65860	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65160s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu65150c	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	140cpu31110c	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // CNVD: CNVD-2018-06521 // BID: 103541 // JVNDB: JVNDB-2018-004277 // CNNVD: CNNVD-201803-998 // NVD: CVE-2018-7240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7240
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7240
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-06521
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-998
value:	HIGH
Trust: 0.6
IVD:	e2e9e142-39ab-11e9-abba-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-137272
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7240
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-06521
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e9e142-39ab-11e9-abba-000c29342cb1
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137272
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7240
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // CNVD: CNVD-2018-06521 // VULHUB: VHN-137272 // JVNDB: JVNDB-2018-004277 // CNNVD: CNNVD-201803-998 // NVD: CVE-2018-7240

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-137272 // JVNDB: JVNDB-2018-004277 // NVD: CVE-2018-7240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-998

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // CNNVD: CNNVD-201803-998

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004277

PATCH

title:	Security Notification - Embedded FTP Servers for Modicon	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/	Trust: 0.8
title:	Multiple Schneider Electric Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79468	Trust: 0.6

sources: JVNDB: JVNDB-2018-004277 // CNNVD: CNNVD-201803-998

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7240	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-086-01	Trust: 3.4
db:	SCHNEIDER	id:	SEVD-2018-081-01	Trust: 2.0
db:	BID	id:	103541	Trust: 2.0
db:	CNNVD	id:	CNNVD-201803-998	Trust: 0.9
db:	CNVD	id:	CNVD-2018-06521	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004277	Trust: 0.8
db:	IVD	id:	E2E9E142-39AB-11E9-ABBA-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-137272	Trust: 0.1

sources: IVD: e2e9e142-39ab-11e9-abba-000c29342cb1 // CNVD: CNVD-2018-06521 // VULHUB: VHN-137272 // BID: 103541 // JVNDB: JVNDB-2018-004277 // CNNVD: CNNVD-201803-998 // NVD: CVE-2018-7240

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-086-01	Trust: 3.4
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/	Trust: 2.0
url:	http://www.securityfocus.com/bid/103541	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7240	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7240	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2018-06521 // VULHUB: VHN-137272 // BID: 103541 // JVNDB: JVNDB-2018-004277 // CNNVD: CNNVD-201803-998 // NVD: CVE-2018-7240

CREDITS

Meng Leizi, Zhang Daoquan, Kirill Chernyshov and Alexey Stennikov (Positive Technologies)

Trust: 0.3

sources: BID: 103541

SOURCES

db:	IVD	id:	e2e9e142-39ab-11e9-abba-000c29342cb1
db:	CNVD	id:	CNVD-2018-06521
db:	VULHUB	id:	VHN-137272
db:	BID	id:	103541
db:	JVNDB	id:	JVNDB-2018-004277
db:	CNNVD	id:	CNNVD-201803-998
db:	NVD	id:	CVE-2018-7240

LAST UPDATE DATE

2024-11-23T22:45:23.663000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-06521	date:	2018-03-28T00:00:00
db:	VULHUB	id:	VHN-137272	date:	2019-10-03T00:00:00
db:	BID	id:	103541	date:	2018-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-004277	date:	2018-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201803-998	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7240	date:	2024-11-21T04:11:51.400

SOURCES RELEASE DATE

db:	IVD	id:	e2e9e142-39ab-11e9-abba-000c29342cb1	date:	2018-03-28T00:00:00
db:	CNVD	id:	CNVD-2018-06521	date:	2018-03-28T00:00:00
db:	VULHUB	id:	VHN-137272	date:	2018-04-18T00:00:00
db:	BID	id:	103541	date:	2018-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-004277	date:	2018-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201803-998	date:	2018-03-28T00:00:00
db:	NVD	id:	CVE-2018-7240	date:	2018-04-18T20:29:00.247