CVE-2018-7838

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

Una CWE-119: Existe una vulnerabilidad de Errores de Búfer en la CPU M580 - BMEP582040 de Modicon , todas las versiones anteriores a la V2.90, y el módulo Ethernet BMENOC0301 de Modicon, todas las versiones anteriores a la V2.16, lo que podría causar la denegación de servicio en el servicio FTP del controlador o Módulo Ethernet BMENOC cuando recibe un comando CWD de FTP con una longitud de datos superior a 1020 bytes. Se necesita entonces un ciclo de energía para reactivar el servicio FTP.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-03-08 CVE Reserved
2019-07-15 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03	2022-04-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Schneider-electric Search vendor "Schneider-electric"	Bmenoc0301 Firmware Search vendor "Schneider-electric" for product "Bmenoc0301 Firmware"	< 2.16 Search vendor "Schneider-electric" for product "Bmenoc0301 Firmware" and version " < 2.16"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmenoc0301 Search vendor "Schneider-electric" for product "Bmenoc0301"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmeh584040 Search vendor "Schneider-electric" for product "Bmeh584040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmeh584040c Search vendor "Schneider-electric" for product "Bmeh584040c"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584040s Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040s"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep586040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep586040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep586040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep586040c Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040c"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Bmeh586040 Firmware Search vendor "Schneider-electric" for product "Bmeh586040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Bmeh586040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmeh586040 Search vendor "Schneider-electric" for product "Bmeh586040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Bmeh586040 Firmware Search vendor "Schneider-electric" for product "Bmeh586040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Bmeh586040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmeh586040c Search vendor "Schneider-electric" for product "Bmeh586040c"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep581020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep581020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep581020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep581020h Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020h"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582020h Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020h"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582040h Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040h"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep583020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep583020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep583040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep583040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep584020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep585040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep585040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep585040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep585040c Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040c"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040s Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040s Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Modicon M580 Bmep582040s Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040s"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Bmeh582040 Firmware Search vendor "Schneider-electric" for product "Bmeh582040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Bmeh582040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmeh582040 Search vendor "Schneider-electric" for product "Bmeh582040"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Bmeh582040 Firmware Search vendor "Schneider-electric" for product "Bmeh582040 Firmware"	< 2.90 Search vendor "Schneider-electric" for product "Bmeh582040 Firmware" and version " < 2.90"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Bmeh582040c Search vendor "Schneider-electric" for product "Bmeh582040c"	-	-	Safe