CVE-2018-7240

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

CVSS v3.0 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/	Vendor Advisory
http://www.securityfocus.com/bid/103541	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:*

Information

Published : 2018-04-18 13:29

Updated : 2019-10-02 17:03

NVD link : CVE-2018-7240

Mitre link : CVE-2018-7240

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Products Affected

schneider-electric

140cpu65150_firmware
140cpu43412u_firmware
140cpu65150
140cpu31110c
140cpu65260
140cpu65160c_firmware
140cpu65260_firmware
140cpu31110c_firmware
140cpu65860_firmware
140cpu31110_firmware
140cpu65860
140cpu65150c
140cpu43412uc_firmware
140cpu65160c
140cpu43412uc
140cpu65160_firmware
140cpu31110
140cpu65160s_firmware
140cpu65860c_firmware
140cpu43412u
140cpu65260c_firmware
140cpu65160s
140cpu65260c
140cpu65150c_firmware
140cpu65860c
140cpu65160

8.8 /10