Skip to main content

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 18, 2018 - 20:29 nvd
HIGH 8.8

DescriptionNVD

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

AnalysisAI

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. Affected products include: Schneider-Electric 140Cpu65150 Firmware, Schneider-Electric 140Cpu31110 Firmware, Schneider-Electric 140Cpu43412U Firmware, Schneider-Electric 140Cpu65160 Firmware, Schneider-Electric 140Cpu65260 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2020-7540 CRITICAL
9.8 Dec 11

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy O

CVE-2018-7761 CRITICAL
9.8 Apr 18

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum

CVE-2018-7760 CRITICAL
9.8 Apr 18

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC,

CVE-2018-7242 CRITICAL
9.8 Apr 18

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200

CVE-2018-7241 CRITICAL
9.8 Apr 18

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 control

CVE-2021-22788 HIGH
7.5 Feb 11

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a speciall

CVE-2020-7477 HIGH
7.5 Mar 23

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module

CVE-2019-6857 HIGH
7.5 Jan 06

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modi

CVE-2019-6856 HIGH
7.5 Jan 06

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modi

CVE-2021-22787 HIGH
7.5 Feb 11

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attack

CVE-2021-22785 HIGH
7.5 Feb 11

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web

CVE-2018-7794 HIGH
7.5 Jan 06

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modi

Share

CVE-2018-7240 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy