CVE-2018-7240
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
Existe una vulnerabilidad en Modicon Quantum, de Schneider Electric, en todas las versiones de los módulos de comunicación que podría permitir la ejecución de código arbitrario. Un comando FTP usado para actualizar el firmware del módulo puede emplearse erróneamente para provocar una denegación de servicio (DoS) o, en casos extremos, cargar un firmware malicioso.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-19 CVE Reserved
- 2018-04-18 CVE Published
- 2024-03-28 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103541 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Firmware Search vendor "Schneider-electric" for product "140cpu65150 Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Search vendor "Schneider-electric" for product "140cpu65150" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu31110 Firmware Search vendor "Schneider-electric" for product "140cpu31110 Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu31110 Search vendor "Schneider-electric" for product "140cpu31110" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu43412u Firmware Search vendor "Schneider-electric" for product "140cpu43412u Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu43412u Search vendor "Schneider-electric" for product "140cpu43412u" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65160 Firmware Search vendor "Schneider-electric" for product "140cpu65160 Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65160 Search vendor "Schneider-electric" for product "140cpu65160" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65260 Firmware Search vendor "Schneider-electric" for product "140cpu65260 Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65260 Search vendor "Schneider-electric" for product "140cpu65260" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65860 Firmware Search vendor "Schneider-electric" for product "140cpu65860 Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65860 Search vendor "Schneider-electric" for product "140cpu65860" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65160s Firmware Search vendor "Schneider-electric" for product "140cpu65160s Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65160s Search vendor "Schneider-electric" for product "140cpu65160s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65150c Firmware Search vendor "Schneider-electric" for product "140cpu65150c Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65150c Search vendor "Schneider-electric" for product "140cpu65150c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu31110c Firmware Search vendor "Schneider-electric" for product "140cpu31110c Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu31110c Search vendor "Schneider-electric" for product "140cpu31110c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu43412uc Firmware Search vendor "Schneider-electric" for product "140cpu43412uc Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu43412uc Search vendor "Schneider-electric" for product "140cpu43412uc" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65160c Firmware Search vendor "Schneider-electric" for product "140cpu65160c Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65160c Search vendor "Schneider-electric" for product "140cpu65160c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65160c Firmware Search vendor "Schneider-electric" for product "140cpu65160c Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65160c Search vendor "Schneider-electric" for product "140cpu65160c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65260c Firmware Search vendor "Schneider-electric" for product "140cpu65260c Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65260c Search vendor "Schneider-electric" for product "140cpu65260c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65860c Firmware Search vendor "Schneider-electric" for product "140cpu65860c Firmware" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65860c Search vendor "Schneider-electric" for product "140cpu65860c" | - | - |
Safe
|