CVE-2018-7838

EPSS 0.37%
Published 15.07.2019 21:15:10
Last modified 21.11.2024 04:12:51
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Bmenoc0301 Firmware Version < 2.16

Schneider-electric ≫ Bmenoc0301 Version-

Schneider-electric ≫ Modicon M580 Bmep584040 Firmware Version < 2.90

   Schneider-electric ≫ Bmeh584040 Version-
   Schneider-electric ≫ Bmeh584040c Version-
   Schneider-electric ≫ Modicon M580 Bmep584040 Version-
   Schneider-electric ≫ Modicon M580 Bmep584040s Version-

Schneider-electric ≫ Modicon M580 Bmep586040 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep586040 Version-
Schneider-electric ≫ Modicon M580 Bmep586040c Version-

Schneider-electric ≫ Bmeh586040 Firmware Version < 2.90

Schneider-electric ≫ Bmeh586040 Version-
Schneider-electric ≫ Bmeh586040c Version-

Schneider-electric ≫ Modicon M580 Bmep581020 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep581020 Version-
Schneider-electric ≫ Modicon M580 Bmep581020h Version-

Schneider-electric ≫ Modicon M580 Bmep582020 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep582020 Version-
Schneider-electric ≫ Modicon M580 Bmep582020h Version-

Schneider-electric ≫ Modicon M580 Bmep582040 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep582040 Version-
Schneider-electric ≫ Modicon M580 Bmep582040h Version-

Schneider-electric ≫ Modicon M580 Bmep583020 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep583020 Version-

Schneider-electric ≫ Modicon M580 Bmep583040 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep583040 Version-

Schneider-electric ≫ Modicon M580 Bmep584020 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep584020 Version-

Schneider-electric ≫ Modicon M580 Bmep585040 Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep585040 Version-
Schneider-electric ≫ Modicon M580 Bmep585040c Version-

Schneider-electric ≫ Modicon M580 Bmep582040s Firmware Version < 2.90

Schneider-electric ≫ Modicon M580 Bmep582040s Version-

Schneider-electric ≫ Bmeh582040 Firmware Version < 2.90

Schneider-electric ≫ Bmeh582040 Version-
Schneider-electric ≫ Bmeh582040c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.576

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7838

EUVD