CVE-2018-7838

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 41.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Bmeh582040 Firmware Schneider-electric Bmeh586040 Firmware Schneider-electric Bmenoc0301 Firmware +11 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages14 packages

▶CVEListV5modicon/modicon_m580_cpu_-_bmep582040_all_versions_before_v2.90_and_modicon_ethernet_module_bmenoc0301_all_versions_before_v2.16Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16

▶NVDschneider-electric/modicon_m580_bmep581020_firmware< 2.90

▶NVDschneider-electric/modicon_m580_bmep582040_firmware< 2.90

▶NVDschneider-electric/modicon_m580_bmep582040s_firmware< 2.90

▶NVDschneider-electric/modicon_m580_bmep582020_firmware< 2.90

🔴Vulnerability Details

GHSA

GHSA-9v86-72g4-pvjh: A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2↗2022-05-24

▶

CVEList

CVE-2018-7838: A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2↗2019-07-15

▶

💬Community

Bugzilla

CVE-2018-1000168 nghttp2: Null pointer dereference when too large ALTSVC frame is received↗2018-04-09

▶