Schneider Electric Modicon Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2018-7794)

high Tenable OT Security Plugin ID 500342

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Schneider Electric has developed the following mitigations: Specific Modicon M580 firmware v3.10 is available at:

- BMEP584040
- BMEH584040 and C
- BMEP586040 and C
- BMEH586040 and C
- BMEP581020 and H
- BMEP582020 and H
- BMEP582040 and H
- BMEP583020
- BMEP583040
- BMEP584020
- BMEP585040 and C
- BMEH582040 and C
- BMEP584040S
- BMEH584040S
- BMEH586040S
- BMEP582040S

Modicon M340 firmware v3.20 is available at:

- BMXP3420302 and CL and H
- BMXP342020 and H
- BMXP342000
- BMXP341000 and H
- BMXP3420102 and CL
- BMXP3420302

Modicon Premium v3.20 firmware is available by contacting Schneider Electric customer support. Modicon Quantum firmware v3.60 is available at:

See Also

https://www.cisa.gov/news-events/ics-advisories/icsa-20-016-01

https://www.se.com/ww/en/download/document/SEVD-2019-344-01

Plugin Details

Severity: High

ID: 500342

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-7794

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:schneider-electric:tsxp57554m_firmware, cpe:/o:schneider-electric:140cpu65150_firmware, cpe:/o:schneider-electric:tsxh5724m_firmware, cpe:/o:schneider-electric:tsxp572634m_firmware, cpe:/o:schneider-electric:tsxp571634m_firmware, cpe:/o:schneider-electric:tsxp57454m_firmware, cpe:/o:schneider-electric:140cpu65260_firmware, cpe:/o:schneider-electric:140cpu67160s_firmware, cpe:/o:schneider-electric:tsxh5744m_firmware, cpe:/o:schneider-electric:tsxp57204m_firmware, cpe:/o:schneider-electric:140cpu67261_firmware:3, cpe:/o:schneider-electric:140cpu67260_firmware, cpe:/o:schneider-electric:140cpu65160_firmware, cpe:/o:schneider-electric:tsxp57154m_firmware, cpe:/o:schneider-electric:tsxp57304m_firmware, cpe:/o:schneider-electric:tsxp575634m_firmware, cpe:/o:schneider-electric:tsxp573634m_firmware, cpe:/o:schneider-electric:tsxp57354m_firmware, cpe:/o:schneider-electric:140cpu67861_firmware, cpe:/o:schneider-electric:140cpu65860_firmware, cpe:/o:schneider-electric:140cpu65160s_firmware, cpe:/o:schneider-electric:tsxp57104m_firmware, cpe:/o:schneider-electric:tsxp57254m_firmware, cpe:/o:schneider-electric:modicon_m340_series_firmware, cpe:/o:schneider-electric:tsxp574634m_firmware, cpe:/o:schneider-electric:modicon_m580_series_firmware, cpe:/o:schneider-electric:tsxp576634m_firmware, cpe:/o:schneider-electric:140cpu67060_firmware, cpe:/o:schneider-electric:140cpu67160_firmware

Required KB Items: Tenable.ot/Schneider

Exploit Ease: No known exploits are available

Patch Publication Date: 1/6/2020

Vulnerability Publication Date: 1/6/2020

Reference Information

CVE: CVE-2018-7794

CWE: 754

ICSA: 20-016-01