7.5
CVE-2018-7856
- EPSS 0.49%
- Published 22.05.2019 21:29:00
- Last modified 21.11.2024 04:12:53
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon Premium Firmware Version-
Schneider-electric ≫ Modicon Quantum Firmware Version-
Schneider-electric ≫ Modicon M340 Firmware Version < 3.10
Schneider-electric ≫ Modicon M580 Firmware Version < 2.90
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.629 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-754 Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.