CVE-2018-7794

Summary

CVE	CVE-2018-7794
State	PUBLISHED
Assigner	schneider
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-01-06 23:15:10 UTC
Updated	2026-05-29 15:16:16 UTC
Description	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Risk And Classification

Primary CVSS: v3.1 7.5 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types: CWE-754 | CWE-754 CWE-754: Improper Check for Unusual or Exceptional Conditions

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	7.5	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
3.1	ADP	DECLARED	7.5	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	7.5	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
2.0	[email protected]	Primary	5		`AV:N/AC:L/Au:N/C:N/I:N/A:P`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Schneider-electric	140cpu65150	-	All	All	All
Operating System	Schneider-electric	140cpu65150 Firmware	All	All	All	All
Hardware	Schneider-electric	140cpu65160	-	All	All	All
Operating System	Schneider-electric	140cpu65160 Firmware	All	All	All	All
Hardware	Schneider-electric	140cpu65260	-	All	All	All
Operating System	Schneider-electric	140cpu65260 Firmware	All	All	All	All
Hardware	Schneider-electric	140cpu67060	-	All	All	All
Operating System	Schneider-electric	140cpu67060 Firmware	All	All	All	All
Hardware	Schneider-electric	140cpu67160	-	All	All	All
Operating System	Schneider-electric	140cpu67160 Firmware	All	All	All	All
Hardware	Schneider-electric	140cpu67261	-	All	All	All
Operating System	Schneider-electric	140cpu67261 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M340	-	All	All	All
Operating System	Schneider-electric	Modicon M340 Firmware	All	All	All	All
Hardware	Schneider-electric	Modicon M580	-	All	All	All
Operating System	Schneider-electric	Modicon M580 Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxh5724m	-	All	All	All
Operating System	Schneider-electric	Tsxh5724m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxh5744m	-	All	All	All
Operating System	Schneider-electric	Tsxh5744m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57104m	-	All	All	All
Operating System	Schneider-electric	Tsxp57104m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57154m	-	All	All	All
Operating System	Schneider-electric	Tsxp57154m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp571634m	-	All	All	All
Operating System	Schneider-electric	Tsxp571634m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57204m	-	All	All	All
Operating System	Schneider-electric	Tsxp57204m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57254m	-	All	All	All
Operating System	Schneider-electric	Tsxp57254m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp572634m	-	All	All	All
Operating System	Schneider-electric	Tsxp572634m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57304m	-	All	All	All
Operating System	Schneider-electric	Tsxp57304m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57354m	-	All	All	All
Operating System	Schneider-electric	Tsxp57354m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp573634m	-	All	All	All
Operating System	Schneider-electric	Tsxp573634m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57454m	-	All	All	All
Operating System	Schneider-electric	Tsxp57454m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp574634m	-	All	All	All
Operating System	Schneider-electric	Tsxp574634m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp57554m	-	All	All	All
Operating System	Schneider-electric	Tsxp57554m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp575634m	-	All	All	All
Operating System	Schneider-electric	Tsxp575634m Firmware	All	All	All	All
Hardware	Schneider-electric	Tsxp576634m	-	All	All	All
Operating System	Schneider-electric	Tsxp576634m Firmware	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Schneider Electric SE	Modicon M580 Modicon M340 Modicon Quantum Modicon Premium See Security Notification For Specific Versions	affected Modicon M580	Not specified
CNA	Schneider Electric SE	Modicon M580 Modicon M340 Modicon Quantum Modicon Premium See Security Notification For Specific Versions	affected Modicon M340	Not specified
CNA	Schneider Electric SE	Modicon M580 Modicon M340 Modicon Quantum Modicon Premium See Security Notification For Specific Versions	affected Modicon Quantum	Not specified
CNA	Schneider Electric SE	Modicon M580 Modicon M340 Modicon Quantum Modicon Premium See Security Notification For Specific Versions	affected Modicon Premium (see security notification for specific versions)	Not specified

References

Reference	Source	Link	Tags
Security Notification - Modicon Controllers (V1.1) \| Schneider Electric	af854a3a-2127-422b-91ae-364da2661108	www.se.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590473 Schneider Electric Modicon Controllers (Update A) Multiple Vulnerabilities(ICSA-20-016-01)