Detections
Analytics

Schneider Electric Modicon Controllers Uncaught Exception (CVE-2018-7843)

high Tenable OT Security Plugin ID 500246

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Schneider Electric has identified the following specific mitigations users can apply to reduce risk. Please see SEVD-2019-134-11 for detailed update steps.

Modicon M580:

- A fix is available for (CVE-2018-7846, CVE-2018-7849, CVE-2018-7848, CVE-2018-7842, CVE-2018-7845, CVE-2018-7847, CVE-2018-7850, CVE-2018-7853, CVE-2018-7854, CVE-2018-7856, CVE-2018-7857, CVE-2019-6808, CVE-2019-6828, CVE-2019-6829, CVE-2019-6830, CVE-2019-6809) on Modicon M580 firmware V3.10.
- A fix is available for (CVE-2018-7843, CVE-2018-7852, CVE-2019-6807) on Modicon M580 firmware V2.80.

Modicon M340:

- A fix is available for (CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7854, CVE-2018-7856, CVE-2019-6807, CVE-2019-6808, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809) on Modicon M340 firmware V3.20.

Modicon MC80:

- A fix is available for (CVE-2018-7857) on Modicon MC80 (part numbers BMKC80*).

Modicon Premium Modicon Momentum Unity M1E Processor:

- A fix is available for (CVE-2019-6807, CVE-2018-7857) on (part numbers 171CBU*) <SV2.6.

Modicon Quantum:

- A fix is available for (CVE-2018-7845, CVE-2018-7856) on Modicon Quantum V3.60.
- There is no fix available for (CVE-2018-7842, CVE-2018-7843, CVE-2018-7844, CVE-2018-7846, CVE-2018-7847, CVE-2018-7848, CVE-2018-7849, CVE-2018-7850, CVE-2018-7852, CVE-2018-7855, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2019-6809, CVE-2019-6828). Schneider Electric's Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, the most current product offer. Users should strongly consider migrating to the Modicon M580 ePAC. Please contact a local Schneider Electric technical support for more information.

Modicon Premium:

- A fix is available for (CVE-2018-7845, CVE-2018-7856) on Modicon Premium V3.20, please contact Schneider Electric customer support to get the V3.20 firmware.
- There is no fix available for (CVE-2018-7842, CVE-2018-7843, CVE-2018-7844, CVE-2018-7847, CVE-2018-7848, CVE-2018-7849, CVE-2018-7850, CVE-2018-7852, CVE-2018-7855, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2019-6809, CVE-2019-6828). Schneider Electric's Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, the most current product offer. Users should strongly consider migrating to the Modicon M580 ePAC. Please contact a local Schneider Electric technical support for more information.

PLC Simulator for EcoStruxure Control Expert:

- A fix is available for (CVE-2018-7857) on PLC Simulator.

Schneider Electric recommends the following to help mitigate weaknesses in the management of Modbus protocol:

- Set up an application password in the project properties.
- Set up network segmentation and implement a firewall to block all unauthorized access to Port 502/TCP.
- Configure the access control list following the recommendations of user manuals.
- Set up secure communication according to the guidelines for the product.
- Consider use of an external firewall device.
- Please see SEVD-2019-134-11 for detailed mitigation information.

For more information see the associated Schneider Electric security advisory Modicon Controllers - SEVD-2019-134-11 PDF Version, Modicon Controllers - SEVD-2019-134-11 CSAF Version.

Schneider Electric strongly recommends the following industry cybersecurity best practices:

- Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
- Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
- Place all controllers in locked cabinets and never leave them in the "Program" mode.
- Never connect programming software to any network other than the network for the devices that it is intended.
- Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
- Never allow laptops that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
- Minimize network exposure for all control system devices and systems, and ensure that they are not accessible from the Internet.
- When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

See Also

http://www.nessus.org/u?7af3a1b8

http://www.nessus.org/u?a432fe19

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01

Plugin Details

Severity: High

ID: 500246

File Name: tenable_ot_schneider_CVE-2018-7843.nasl

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 2/14/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-7843

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:schneider-electric:modicon_m340_series_firmware, cpe:/o:schneider-electric:modicon_m580_series_firmware, cpe:/o:schneider-electric:modicon_premium_firmware, cpe:/o:schneider-electric:modicon_quantum_firmware

Required KB Items: Tenable.ot/Schneider

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/22/2019

Vulnerability Publication Date: 5/22/2019

Reference Information

CVE: CVE-2018-7843

CWE: 125