CVE-2018-7758
moderate-risk
Published 2018-04-18
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with Legacy Ethernet Board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated. These devices could lose network communication when TCP/IP open requests are received on port 20000 (DNP3oE) while an older TCP/IP session with an identical IP address and port number is still open.
Do I need to act?
0.13% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10
Medium
ADJACENT_NETWORK / LOW complexity
Affected Products (20)
Micom P141 Firmware
Micom P142 Firmware
Micom P143 Firmware
Micom P145 Firmware
Micom P642 Firmware
Micom P643 Firmware
Micom P645 Firmware
Micom P849 Firmware
Micom P746 Firmware
Micom P841A Firmware
Micom P841B Firmware
Micom P443 Firmware
Micom P445 Firmware
Micom P446 Firmware
Micom P441 Firmware
Micom P442 Firmware
Micom P444 Firmware
Micom P541 Firmware
Micom P542 Firmware
Micom P543 Firmware
Affected Vendors
References (6)
43 / 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
21/34 · High