Vulnerability Details CVE-2018-7849
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.148
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-7849
-
cpe:2.3:h:schneider-electric:modicon_m340:-
-
cpe:2.3:h:schneider-electric:modicon_m580:-
-
cpe:2.3:h:schneider-electric:modicon_premium:-
-
cpe:2.3:h:schneider-electric:modicon_quantum:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.01
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.10
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.10
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.12
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.30
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.41
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.80
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.90
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:3.10
-
cpe:2.3:o:schneider-electric:modicon_premium_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_premium_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:2.40
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:3.60