CVE-2018-7838 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2018-7838

Analyzed

More Info Official Page

Source-cybersecurity@se.com

Published At-15 Jul, 2019 | 21:15

Updated At-19 Apr, 2022 | 15:36

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Schneider Electric SE

>>bmenoc0301_firmware>>Versions before 2.16(exclusive)

cpe:2.3:o:schneider-electric:bmenoc0301_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>bmenoc0301>>-

cpe:2.3:h:schneider-electric:bmenoc0301:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep584040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh584040>>-

cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh584040c>>-

cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep584040>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep584040s>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep586040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep586040>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep586040c>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh586040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:bmeh586040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh586040>>-

cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh586040c>>-

cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep581020_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep581020>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep581020h>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582020_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582020>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582020h>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582040>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582040h>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep583020_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep583020>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep583040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep583040>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep584020_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep584020>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep585040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep585040>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep585040c>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582040s_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m580_bmep582040s>>-

cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh582040_firmware>>Versions before 2.90(exclusive)

cpe:2.3:o:schneider-electric:bmeh582040_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh582040>>-

cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*

Schneider Electric SE

>>bmeh582040c>>-

cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov
CWE-119	Secondary	cybersecurity@se.com

References

Hyperlink	Source	Resource
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03	cybersecurity@se.com	Vendor Advisory