CVE-2018-7838
moderate-risk
Published 2019-07-15
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives an FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.
Do I need to act?
EPSS score: 0.37% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (13)
Bmenoc0301 Firmware
Modicon M580 Bmep584040 Firmware
Modicon M580 Bmep586040 Firmware
Bmeh586040 Firmware
Modicon M580 Bmep581020 Firmware
Modicon M580 Bmep582020 Firmware
Modicon M580 Bmep582040 Firmware
Modicon M580 Bmep583020 Firmware
Modicon M580 Bmep583040 Firmware
Modicon M580 Bmep584020 Firmware
Modicon M580 Bmep585040 Firmware
Modicon M580 Bmep582040S Firmware
Bmeh582040 Firmware
Affected Vendors
References (2)
44 / 100 · moderate-risk
Severity: 26/34 · High
Exploitability: 1/34 · Minimal
Exposure: 17/34 · Moderate