1. CVE-Search
  2. CVE-2018-7240
ID CVE-2018-7240
Summary A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
References
Vulnerable Configurations
  • cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:*
    cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 103541
confirm https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
misc https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
Last major update 03-10-2019 - 00:03
Published 18-04-2018 - 20:29
Last modified 03-10-2019 - 00:03
Back to Top