CVE-2018-7838

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:bmenoc0301_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmenoc0301:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:bmeh584040:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh584040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:bmeh586040_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:bmeh586040:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh586040c:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:bmeh582040_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:bmeh582040:-:::::::*
	cpe:2.3:h:schneider-electric:bmeh582040c:-:::::::*

History

No history.

Information

Published : 2019-07-15 21:15

Updated : 2024-02-28 17:08

NVD link : CVE-2018-7838

Mitre link : CVE-2018-7838

CVE.ORG link : CVE-2018-7838

JSON object : View

Products Affected

schneider-electric

bmeh584040
bmeh586040c
modicon_m580_bmep582020
modicon_m580_bmep583020
bmeh582040c
modicon_m580_bmep584040
modicon_m580_bmep584040s
modicon_m580_bmep583040
modicon_m580_bmep585040c
bmeh586040_firmware
modicon_m580_bmep582040_firmware
modicon_m580_bmep583040_firmware
bmeh582040_firmware
modicon_m580_bmep586040
modicon_m580_bmep586040c
modicon_m580_bmep584020_firmware
modicon_m580_bmep585040_firmware
modicon_m580_bmep581020
modicon_m580_bmep584020
modicon_m580_bmep582040
modicon_m580_bmep585040
modicon_m580_bmep582040s
bmeh586040
modicon_m580_bmep582040h
modicon_m580_bmep582040s_firmware
bmenoc0301
modicon_m580_bmep581020_firmware
bmenoc0301_firmware
bmeh582040
modicon_m580_bmep581020h
modicon_m580_bmep586040_firmware
modicon_m580_bmep582020h
modicon_m580_bmep584040_firmware
bmeh584040c
modicon_m580_bmep583020_firmware
modicon_m580_bmep582020_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2018-7838

7.5^/10

7.8^/10

Attach tags to `CVE-2018-7838`