CVE-2018-7847 Information
Feb 14, 2021
cve
Description
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580 Modicon M340 Modicon Quantum and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: