Vulnerability-Lookup

BDU:2019-02117

Vulnerability from fstec - Published: 14.05.2019

Title

Уязвимость микропрограммного обеспечения программируемого логического контроллера Modicon, связанная с ошибками контроля границ буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость микропрограммного обеспечения программируемого логического контроллера Modicon связана с ошибками контроля границ буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании путем отправки специально подготовленного пакета Modbus

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Schneider Electric

Software Name

Modicon Premium, Modicon M340, Modicon M580, BMXP3420302CL, BMXP3420302H, BMXP342020H, BMXP342020, BMXP342000, BMXP341000, BMXP341000H, BMXP3420102, BMXP3420102CL, BMXP3420302, BMXCRA31210C, BMXCRA31210, BMXCRA31200, 140CRA312xxx, BMEH582040, BMEH582040C, BMEH584040, BMEH584040C, BMEH586040, BMEH586040C, BMEP581020, BMEP581020H, BMEP582020, BMEP582020H, BMEP582040, BMEP582040H, BMEP582040S, BMEP583020, BMEP583040, BMEP584020, BMEP584040, BMEP584040S, BMEP585040, BMEP585040C, BMEP586040, BMEP586040C

Software Version

- (Modicon Premium), до 3.01 (Modicon M340), до 2.50 (Modicon M580), до 2.40 (BMXP3420302CL), до 2.40 (BMXP3420302H), до 2.40 (BMXP342020H), до 2.40 (BMXP342020), до 2.40 (BMXP342000), до 2.40 (BMXP341000), до 2.40 (BMXP341000H), до 2.40 (BMXP3420102), до 2.40 (BMXP3420102CL), до 2.40 (BMXP3420302), до 2.40 (BMXCRA31210C), до 2.40 (BMXCRA31210), до 2.40 (BMXCRA31200), - (140CRA312xxx), до 2.40 (BMEH582040), до 2.40 (BMEH582040C), до 2.40 (BMEH584040), до 2.40 (BMEH584040C), до 2.40 (BMEH586040), до 2.40 (BMEH586040C), до 2.40 (BMEP581020), до 2.40 (BMEP581020H), до 2.40 (BMEP582020), до 2.40 (BMEP582020H), до 2.40 (BMEP582040), до 2.40 (BMEP582040H), до 2.40 (BMEP582040S), до 2.40 (BMEP583020), до 2.40 (BMEP583040), до 2.40 (BMEP584020), до 2.40 (BMEP584040), до 2.40 (BMEP584040S), до 2.40 (BMEP585040), до 2.40 (BMEP585040C), до 2.40 (BMEP586040), до 2.40 (BMEP586040C)

Possible Mitigations

Обновление программного обеспечения: Для Modicon M580 до V2.80: Для BMEP584040, BMEP584040S, BMEH584040 и C: https://www.schneider-electric.com/en/download/document/M580_BMEP584040_SV2.80/ Для BMEP586040 и C: https://www.schneider-electric.com/en/download/document/M580_BMEP586040_SV2.80/ Для BMEH586040 и C: https://www.schneider-electric.com/en/download/document/M580_BMEH586040_SV2.80/ Для BMEP581020 и H: https://www.schneider-electric.com/en/download/document/M580_BMEP581020_SV2.80/ Для BMEP582020 и H: https://www.schneider-electric.com/en/download/document/M580_BMEP582020_SV2.80/ Для BMEP582040 и H: https://www.schneider-electric.com/en/download/document/M580_BMEP582040_SV2.80/ Для BMEP583020: https://www.schneider-electric.com/en/download/document/M580_BMEP583020_SV2.80/ Для BMEP583040: https://www.schneider-electric.com/en/download/document/M580_BMEP583040_SV2.80/ Для BMEP584020: https://www.schneider-electric.com/en/download/document/M580_BMEP584020_SV2.80/ Для BMEP585040 и C: https://www.schneider-electric.com/en/download/document/M580_BMEP585040_SV2.80/ Для BMEP582040S: https://www.schneider-electric.com/en/download/document/M580_BMEP582040S_SV2.80/ Для BMEH582040 и C: https://www.schneider-electric.com/en/download/document/M580_BMEP582040_SV2.80 Для Modicon M340 до V3.01: Для BMXP3420302 и CL и H: https://www.schneider-electric.com/en/download/document/BMXP3420302_Firmwares/ Для BMXP342020 и H: https://www.schneider-electric.com/en/download/document/BMXP342020_Firmwares/ Для BMXP342000: https://www.schneider-electric.com/en/download/document/BMXP342000_Firmwares/ Для BMXP341000 и H: https://www.schneider-electric.com/en/download/document/BMXP341000_Firmwares/ Для BMXP3420102 и CL: https://www.schneider-electric.com/en/download/document/BMXP3420102_Firmwares/ Для BMXP3420302: https://www.schneider-electric.com/en/download/document/BMXP3420302_Firmwares/ Для BMX/E CRA до V2.40: Для BMXCRA31210C: https://www.schneider-electric.com/en/download/document/X80_BMXCRA31210_SV2.40/ Для BMXCRA31210 и C: https://www.schneider-electric.com/en/download/document/X80_BMECRA31210_SV2.40/ Для BMXCRA31200: https://www.schneider-electric.com/en/download/document/X80_BMXCRA31200_SV2.40/ Компенсирующие меры для Modicon Premium and 140CRA312xxx: Настройка сегментации сети и внедрение брандмауэра, чтобы заблокировать весь несанкционированный доступ к порту 502 / TCP

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-7851 https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Schneider Electric",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Modicon Premium), \u0434\u043e 3.01 (Modicon M340), \u0434\u043e 2.50 (Modicon M580), \u0434\u043e 2.40 (BMXP3420302CL), \u0434\u043e 2.40 (BMXP3420302H), \u0434\u043e 2.40 (BMXP342020H), \u0434\u043e 2.40 (BMXP342020), \u0434\u043e 2.40 (BMXP342000), \u0434\u043e 2.40 (BMXP341000), \u0434\u043e 2.40 (BMXP341000H), \u0434\u043e 2.40 (BMXP3420102), \u0434\u043e 2.40 (BMXP3420102CL), \u0434\u043e 2.40 (BMXP3420302), \u0434\u043e 2.40 (BMXCRA31210C), \u0434\u043e 2.40 (BMXCRA31210), \u0434\u043e 2.40 (BMXCRA31200), - (140CRA312xxx), \u0434\u043e 2.40 (BMEH582040), \u0434\u043e 2.40 (BMEH582040C), \u0434\u043e 2.40 (BMEH584040), \u0434\u043e 2.40 (BMEH584040C), \u0434\u043e 2.40 (BMEH586040), \u0434\u043e 2.40 (BMEH586040C), \u0434\u043e 2.40 (BMEP581020), \u0434\u043e 2.40 (BMEP581020H), \u0434\u043e 2.40 (BMEP582020), \u0434\u043e 2.40 (BMEP582020H), \u0434\u043e 2.40 (BMEP582040), \u0434\u043e 2.40 (BMEP582040H), \u0434\u043e 2.40 (BMEP582040S), \u0434\u043e 2.40 (BMEP583020), \u0434\u043e 2.40 (BMEP583040), \u0434\u043e 2.40 (BMEP584020), \u0434\u043e 2.40 (BMEP584040), \u0434\u043e 2.40 (BMEP584040S), \u0434\u043e 2.40 (BMEP585040), \u0434\u043e 2.40 (BMEP585040C), \u0434\u043e 2.40 (BMEP586040), \u0434\u043e 2.40 (BMEP586040C)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\u0414\u043b\u044f Modicon M580 \u0434\u043e V2.80:\n\u0414\u043b\u044f BMEP584040, BMEP584040S, BMEH584040 \u0438 C:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP584040_SV2.80/\n\n\u0414\u043b\u044f BMEP586040 \u0438 C:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP586040_SV2.80/\n\n\u0414\u043b\u044f BMEH586040 \u0438 C:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEH586040_SV2.80/\n\n\u0414\u043b\u044f BMEP581020 \u0438 H:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP581020_SV2.80/\n\n\u0414\u043b\u044f BMEP582020 \u0438 H:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP582020_SV2.80/\n\n\u0414\u043b\u044f BMEP582040 \u0438 H:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP582040_SV2.80/\n\n\u0414\u043b\u044f BMEP583020:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP583020_SV2.80/\n\n\u0414\u043b\u044f BMEP583040:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP583040_SV2.80/\n\n\u0414\u043b\u044f BMEP584020:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP584020_SV2.80/\n\n\u0414\u043b\u044f BMEP585040 \u0438 C:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP585040_SV2.80/\n\n\u0414\u043b\u044f BMEP582040S:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP582040S_SV2.80/\n\n\u0414\u043b\u044f BMEH582040 \u0438 C:\nhttps://www.schneider-electric.com/en/download/document/M580_BMEP582040_SV2.80\n\n\u0414\u043b\u044f Modicon M340 \u0434\u043e V3.01:\n\u0414\u043b\u044f BMXP3420302 \u0438 CL \u0438 H:\nhttps://www.schneider-electric.com/en/download/document/BMXP3420302_Firmwares/\n\n\u0414\u043b\u044f BMXP342020 \u0438 H:\nhttps://www.schneider-electric.com/en/download/document/BMXP342020_Firmwares/\n\n\u0414\u043b\u044f BMXP342000:\nhttps://www.schneider-electric.com/en/download/document/BMXP342000_Firmwares/\n\n\u0414\u043b\u044f BMXP341000 \u0438 H:\nhttps://www.schneider-electric.com/en/download/document/BMXP341000_Firmwares/\n\n\u0414\u043b\u044f BMXP3420102 \u0438 CL:\nhttps://www.schneider-electric.com/en/download/document/BMXP3420102_Firmwares/\n\n\u0414\u043b\u044f BMXP3420302:\nhttps://www.schneider-electric.com/en/download/document/BMXP3420302_Firmwares/\n\n\u0414\u043b\u044f BMX/E CRA \u0434\u043e V2.40:\n\u0414\u043b\u044f BMXCRA31210C:\nhttps://www.schneider-electric.com/en/download/document/X80_BMXCRA31210_SV2.40/\n\n\u0414\u043b\u044f BMXCRA31210 \u0438 C:\nhttps://www.schneider-electric.com/en/download/document/X80_BMECRA31210_SV2.40/\n\n\u0414\u043b\u044f BMXCRA31200:\nhttps://www.schneider-electric.com/en/download/document/X80_BMXCRA31200_SV2.40/\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b \u0434\u043b\u044f Modicon Premium and 140CRA312xxx:\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0438 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0435\u0441\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0440\u0442\u0443 502 / TCP",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.05.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.06.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02117",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-7851",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Modicon Premium, Modicon M340, Modicon M580, BMXP3420302CL, BMXP3420302H, BMXP342020H, BMXP342020, BMXP342000, BMXP341000, BMXP341000H, BMXP3420102, BMXP3420102CL, BMXP3420302, BMXCRA31210C, BMXCRA31210, BMXCRA31200, 140CRA312xxx, BMEH582040, BMEH582040C, BMEH584040, BMEH584040C, BMEH586040, BMEH586040C, BMEP581020, BMEP581020H, BMEP582020, BMEP582020H, BMEP582040, BMEP582040H, BMEP582040S, BMEP583020, BMEP583040, BMEP584020, BMEP584040, BMEP584040S, BMEP585040, BMEP585040C, BMEP586040, BMEP586040C",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Modicon, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0433\u0440\u0430\u043d\u0438\u0446 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Modicon \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0433\u0440\u0430\u043d\u0438\u0446 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 Modbus",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-7851\nhttps://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2018-7851 (GCVE-0-2018-7851)

Vulnerability from cvelistv5 – Published: 2019-05-22 19:56 – Updated: 2024-08-05 06:37

Summary

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

Severity ?

No CVSS data available.

CWE

CWE-119 - Buffer errors

Assigner

schneider

References

URL

Tags

https://www.schneider-electric.com/en/download/do…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx	Affected: Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Buffer errors",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T19:56:24.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119: Buffer errors"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/",
              "refsource": "MISC",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7851",
    "datePublished": "2019-05-22T19:56:24.000Z",
    "dateReserved": "2018-03-08T00:00:00.000Z",
    "dateUpdated": "2024-08-05T06:37:59.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-02117

CVE-2018-7851 (GCVE-0-2018-7851)

Tags

Sightings

Nomenclature