Details of VAR-201905-1038

ID

VAR-201905-1038

CVE

CVE-2018-7856

TITLE

plural Modicon Product Exceptional State Check Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015466

DESCRIPTION

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus. plural Modicon The product contains an exceptional state check vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

Trust: 1.8

sources: NVD: CVE-2018-7856 // JVNDB: JVNDB-2018-015466 // VULHUB: VHN-137888 // VULMON: CVE-2018-7856

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon quantum	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	lt	version:	3.10	Trust: 1.0
vendor:	schneider electric	model:	modicon m580	scope:	lt	version:	2.90	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon premium plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015466 // NVD: CVE-2018-7856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7856
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7856
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-941
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137888
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-7856
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7856
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-137888
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-7856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-137888 // VULMON: CVE-2018-7856 // JVNDB: JVNDB-2018-015466 // CNNVD: CNNVD-201905-941 // NVD: CVE-2018-7856

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.1
problemtype:	Improper checking in exceptional conditions (CWE-754) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-137888 // JVNDB: JVNDB-2018-015466 // NVD: CVE-2018-7856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-941

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-941

PATCH

title:	SEVD-2019-134-11	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/	Trust: 0.8
title:	QuickPcap	url:	https://github.com/amit-raut/QuickPcap	Trust: 0.1

sources: VULMON: CVE-2018-7856 // JVNDB: JVNDB-2018-015466

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7856	Trust: 3.4
db:	TALOS	id:	TALOS-2019-0767	Trust: 1.8
db:	SCHNEIDER	id:	SEVD-2019-134-11	Trust: 1.8
db:	ICS CERT	id:	ICSA-25-114-01	Trust: 0.8
db:	JVN	id:	JVNVU92254859	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-015466	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-941	Trust: 0.7
db:	VULHUB	id:	VHN-137888	Trust: 0.1
db:	VULMON	id:	CVE-2018-7856	Trust: 0.1

sources: VULHUB: VHN-137888 // VULMON: CVE-2018-7856 // JVNDB: JVNDB-2018-015466 // CNNVD: CNNVD-201905-941 // NVD: CVE-2018-7856

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/	Trust: 1.8
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2019-0767	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7856	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu92254859/index.html	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01	Trust: 0.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0767	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/754.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/amit-raut/quickpcap	Trust: 0.1

sources: VULHUB: VHN-137888 // VULMON: CVE-2018-7856 // JVNDB: JVNDB-2018-015466 // CNNVD: CNNVD-201905-941 // NVD: CVE-2018-7856

SOURCES

db:	VULHUB	id:	VHN-137888
db:	VULMON	id:	CVE-2018-7856
db:	JVNDB	id:	JVNDB-2018-015466
db:	CNNVD	id:	CNNVD-201905-941
db:	NVD	id:	CVE-2018-7856

LAST UPDATE DATE

2025-04-30T22:46:29.933000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-137888	date:	2019-06-11T00:00:00
db:	VULMON	id:	CVE-2018-7856	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-015466	date:	2025-04-28T08:16:00
db:	CNNVD	id:	CNNVD-201905-941	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2018-7856	date:	2024-11-21T04:12:53.270

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-137888	date:	2019-05-22T00:00:00
db:	VULMON	id:	CVE-2018-7856	date:	2019-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-015466	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-941	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7856	date:	2019-05-22T21:29:00.527