VDB

CVE-2018-7838

CVE-2018-7838 PUBLISHED CVSS 7.800000190734863 HIGH

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

EPSS 0.37% · 59.0th percentile

Risk Scores

CVSS v2.0
7.800000190734863
EPSS Score
0.37%
59.0th percentile

Affected Products

VendorProductVersions
schneider-electricmodicon_m580_bmep583040_firmware0
schneider-electricmodicon_m580_bmep583020_firmware0
schneider-electricmodicon_m580_bmep582040_firmware0
ModiconModicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16
schneider-electricbmeh586040_firmware0
schneider-electricmodicon_m580_bmep581020_firmware0
schneider-electricbmeh582040_firmware0
schneider-electricmodicon_m580_bmep586040_firmware0
schneider-electricmodicon_m580_bmep582020_firmware0
schneider-electricmodicon_m580_bmep584020_firmware0
schneider-electricmodicon_m580_bmep585040_firmware0
schneider-electricbmenoc0301_firmware0
schneider-electricmodicon_m580_bmep584040_firmware0
schneider-electricmodicon_m580_bmep582040s_firmware0

Exploit Intelligence

Timeline

  • May 16, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›