CVE-2018-7240

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2018-7240
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2018-04-18 20:29:00 UTC
Updated2019-10-03 00:03:00 UTC
DescriptionA vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Hardware Schneider-electric 140cpu31110 - All All All
Hardware Schneider-electric 140cpu31110 - All All All
Hardware Schneider-electric 140cpu31110c - All All All
Hardware Schneider-electric 140cpu31110c - All All All
Operating System Schneider-electric 140cpu31110c Firmware - All All All
Operating System Schneider-electric 140cpu31110c Firmware - All All All
Operating System Schneider-electric 140cpu31110 Firmware - All All All
Operating System Schneider-electric 140cpu31110 Firmware - All All All
Hardware Schneider-electric 140cpu43412u - All All All
Hardware Schneider-electric 140cpu43412u - All All All
Hardware Schneider-electric 140cpu43412uc - All All All
Hardware Schneider-electric 140cpu43412uc - All All All
Operating System Schneider-electric 140cpu43412uc Firmware - All All All
Operating System Schneider-electric 140cpu43412uc Firmware - All All All
Operating System Schneider-electric 140cpu43412u Firmware - All All All
Operating System Schneider-electric 140cpu43412u Firmware - All All All
Hardware Schneider-electric 140cpu65150 - All All All
Hardware Schneider-electric 140cpu65150 - All All All
Hardware Schneider-electric 140cpu65150c - All All All
Hardware Schneider-electric 140cpu65150c - All All All
Operating System Schneider-electric 140cpu65150c Firmware - All All All
Operating System Schneider-electric 140cpu65150c Firmware - All All All
Operating System Schneider-electric 140cpu65150 Firmware - All All All
Operating System Schneider-electric 140cpu65150 Firmware - All All All
Hardware Schneider-electric 140cpu65160 - All All All
Hardware Schneider-electric 140cpu65160 - All All All
Hardware Schneider-electric 140cpu65160c - All All All
Hardware Schneider-electric 140cpu65160c - All All All
Operating System Schneider-electric 140cpu65160c Firmware - All All All
Operating System Schneider-electric 140cpu65160c Firmware - All All All
Hardware Schneider-electric 140cpu65160s - All All All
Hardware Schneider-electric 140cpu65160s - All All All
Operating System Schneider-electric 140cpu65160s Firmware - All All All
Operating System Schneider-electric 140cpu65160s Firmware - All All All
Operating System Schneider-electric 140cpu65160 Firmware - All All All
Operating System Schneider-electric 140cpu65160 Firmware - All All All
Hardware Schneider-electric 140cpu65260 - All All All
Hardware Schneider-electric 140cpu65260 - All All All
Hardware Schneider-electric 140cpu65260c - All All All
Hardware Schneider-electric 140cpu65260c - All All All
Operating System Schneider-electric 140cpu65260c Firmware - All All All
Operating System Schneider-electric 140cpu65260c Firmware - All All All
Operating System Schneider-electric 140cpu65260 Firmware - All All All
Operating System Schneider-electric 140cpu65260 Firmware - All All All
Hardware Schneider-electric 140cpu65860 - All All All
Hardware Schneider-electric 140cpu65860 - All All All
Hardware Schneider-electric 140cpu65860c - All All All
Hardware Schneider-electric 140cpu65860c - All All All
Operating System Schneider-electric 140cpu65860c Firmware - All All All
Operating System Schneider-electric 140cpu65860c Firmware - All All All
Operating System Schneider-electric 140cpu65860 Firmware - All All All
Operating System Schneider-electric 140cpu65860 Firmware - All All All

References

ReferenceSourceLinkTags
Security Notification - Embedded FT | Download Schneider Electric CONFIRM www.schneider-electric.com Vendor Advisory
Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 | ICS-CERT MISC ics-cert.us-cert.gov Third Party Advisory, US Government Resource
Malformed Request BID www.securityfocus.com Third Party Advisory, VDB Entry
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 590484 Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Multiple Vulnerabilities (ICSA-18-086-01)
  • 590907 Schneider Electric Embedded FTP Servers for Modicon PAC Controllers Multiple Vulnerabilities (SEVD-2018-081-01)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report