FKIE_CVE-2018-7240

Vulnerability from fkie_nvd - Published: 2018-04-18 20:29 - Updated: 2024-11-21 04:11
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
References
cybersecurity@se.comhttp://www.securityfocus.com/bid/103541Third Party Advisory, VDB Entry
cybersecurity@se.comhttps://ics-cert.us-cert.gov/advisories/ICSA-18-086-01Third Party Advisory, US Government Resource
cybersecurity@se.comhttps://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103541Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65150 -
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu31110 -
schneider-electric 140cpu43412u_firmware -
schneider-electric 140cpu43412u -
schneider-electric 140cpu65160_firmware -
schneider-electric 140cpu65160 -
schneider-electric 140cpu65260_firmware -
schneider-electric 140cpu65260 -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu65860 -
schneider-electric 140cpu65160s_firmware -
schneider-electric 140cpu65160s -
schneider-electric 140cpu65150c_firmware -
schneider-electric 140cpu65150c -
schneider-electric 140cpu31110c_firmware -
schneider-electric 140cpu31110c -
schneider-electric 140cpu43412uc_firmware -
schneider-electric 140cpu43412uc -
schneider-electric 140cpu65160c_firmware -
schneider-electric 140cpu65160c -
schneider-electric 140cpu65160c_firmware -
schneider-electric 140cpu65160c -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65260c -
schneider-electric 140cpu65860c_firmware -
schneider-electric 140cpu65860c -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7003BE27-3D26-46F9-BF51-5E026EA2AED6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37B3D0A-D1AA-494F-B26B-70BA8D1E8D6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F363F812-4BF2-450C-BC40-48A136746B9E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B36E6DC-D407-4A3B-9ED3-1683EEE83299",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B87C8629-A8CF-4B8E-AB03-0425C30A40C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E092BBB-F315-4541-B8B2-BF9E1B75B041",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D5F2BE6-CF9E-48BB-B525-6B8F4C0B203E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECDF56E-7F6B-4048-AAAA-0D80C685F6D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8230FD-0C0A-467C-9BAD-09257739D462",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "616C2139-6063-4BB1-84C0-AECDBB9EC86C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E48F27-F241-4491-AFF7-8BD562F21A52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA5A94A-09A0-4606-8DAE-0CDE1A372483",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A2EB59-CCEE-4123-8344-764959B32C3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE31953-8AEA-45AB-81A1-BCE9AC78A48D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B887DA-75CD-465C-8B02-4DF1A063F3B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F9986A-4089-429E-BFD7-131C3BE98B9E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38AC4E35-E020-4E54-B1F7-01F4A9D9DEC7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A75F5C8-3341-4C4A-8660-F002AD07702F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A75F5C8-3341-4C4A-8660-F002AD07702F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE1F4A9-D2EA-4A5B-8F9A-EFD961D4F49D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "106C756F-1A0D-486F-BA83-F1F6D9D5661E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1472068B-ECE2-46F4-AC91-43F5AFCA8C52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E33E1CF-BD62-4638-AD44-30A19063FCD5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability exists in Schneider Electric\u0027s Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en Modicon Quantum, de Schneider Electric, en todas las versiones de los m\u00f3dulos de comunicaci\u00f3n que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario. Un comando FTP usado para actualizar el firmware del m\u00f3dulo puede emplearse err\u00f3neamente para provocar una denegaci\u00f3n de servicio (DoS) o, en casos extremos, cargar un firmware malicioso."
    }
  ],
  "id": "CVE-2018-7240",
  "lastModified": "2024-11-21T04:11:51.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-18T20:29:00.247",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103541"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.