Vulnerability Details : CVE-2018-7852
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
Vulnerability category: Denial of service
Products affected by CVE-2018-7852
- cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7852
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7852
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-7852
-
The product does not handle or incorrectly handles an exceptional condition.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7852
-
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763
TALOS-2019-0763 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceExploit;Third Party Advisory
-
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Security Notification - Modicon Controllers V1.3 | Schneider ElectricVendor Advisory
Jump to