CVE-2018-7240 — Out-of-bounds Write in Schneider Electric SE Modicon Quantum
Severity
8.8 HIGH (NVD)
EPSS
0.4%
top 38.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 18
Latest update: May 13
Description
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 1 package
CVEListV5: schneider_electric_se/modicon_quantum, All versions of Modicon Quantum communication modules
Vulnerability Details (2)
GHSA
GHSA-62m4-6p37-pc95: A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution (2022-05-13)
CVEList
CVE-2018-7240: A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution (2018-04-18)