
CVE-2018-7852

CVE-2018-7852: CWE-248 Uncaught Exception vulnerability affecting Schneider Electric Modicon M580, M340, Quantum, and Premium controllers; could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.


Score

7.5 High
  • Published Date: May 22, 2019
  • CISA KEV Date: No Data
  • Industries Affected: 20

Threat Predictions

  • EPSS Score: 12.9
  • EPSS Percentile: 94%

Exploitability

  • Score: 3.9
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED

Impact

  • Score: 3.6
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

Overview

The identified issue is an uncaught exception vulnerability that can be triggered by malformed private command parameters sent over Modbus to Schneider Electric Modicon controllers (M580, M340, Quantum, and Premium). The result can be a denial of service, rendering the device unresponsive. The vulnerability is categorized under CWE-248 and affects all versions of the listed controllers. Public advisories reference SEVD-2019-134-11 and the TALOS report TALOS-2019-0763 for details and potential mitigations.

Remediation

  • Check the vendor advisory SEVD-2019-134-11 and the TALOS report TALOS-2019-0763 for any patched firmware or official mitigations.
  • If patched firmware or a mitigation is released by Schneider Electric, upgrade the Modicon M580, M340, Quantum, and Premium controllers to the recommended version following the vendor’s upgrade guidance.
  • If no patch is available, implement compensating controls to reduce exposure:
      • Restrict Modbus access to trusted networks using firewalls, ACLs, or network segmentation.
      • Disable or minimize use of private command parameters if possible, or limit their exposure to management networks.
      • Monitor Modbus traffic for anomalous or malformed private command parameters and alert on suspicious activity.
  • Validate changes in a test environment before deploying to production, and ensure proper change management and backup procedures.

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Low

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Manufacturing
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Health Care and Social Assistance
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services
