{ "id": "CVE-2018-7838", "sourceIdentifier": "cybersecurity@se.com", "published": "2019-07-15T21:15:10.477", "lastModified": "2022-04-19T15:36:25.013", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service." }, { "lang": "es", "value": "Una CWE-119: Existe una vulnerabilidad de Errores de B\u00fafer en la CPU M580 - BMEP582040 de Modicon , todas las versiones anteriores a la V2.90, y el m\u00f3dulo Ethernet BMENOC0301 de Modicon, todas las versiones anteriores a la V2.16, lo que podr\u00eda causar la denegaci\u00f3n de servicio en el servicio FTP del controlador o M\u00f3dulo Ethernet BMENOC cuando recibe un comando CWD de FTP con una longitud de datos superior a 1020 bytes. Se necesita entonces un ciclo de energ\u00eda para reactivar el servicio FTP." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-119" } ] }, { "source": "cybersecurity@se.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-119" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmenoc0301_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.16", "matchCriteriaId": "CB75A465-BACD-417F-9E87-5EBDBEF6DE91" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmenoc0301:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE6DE336-F696-4C92-9244-315C154F2CE5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "97C706A8-BF41-4003-9A34-E7C5FCF3956F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "C7793E88-6E59-43E5-B313-A21D40B63B47" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmeh586040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "90CB4BA4-B2B2-441C-A08F-EAB82A0E53DD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "054142F8-E6AF-48A5-8548-194651EB16FB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "F93A877E-BB42-4530-AE81-5C0D727B8A26" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "B41AE173-2394-4508-A7DD-3166B6C0EBA0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "EDB6829A-AE69-4DDC-B705-A94C8C7ADDA6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "8762598D-F015-498D-B478-C0CA8ABCB11C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "0DA851AB-E6AD-4D84-AA3C-071E351C699F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "07A33F89-F53A-4DA0-8D21-2F7315A7E5E7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "7FCDF8B2-687C-436E-BAF9-654D94409FC7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:schneider-electric:bmeh582040_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "4166AE7D-36E9-4F72-868E-DC10DC071E99" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769" } ] } ] } ], "references": [ { "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03", "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ] } ] }