CVE-2018-7852
7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premiu...
Published: 2019-05-22 · Last updated: 2026-05-29
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-248, CWE-755
Affected products
| Vendor | Product |
|---|---|
| schneider-electric | modicon_m340_firmware, modicon_m580_firmware, modicon_premium_firmware |
Description
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-7852)
- [Vendor advisory](https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/)
- [Exploit reference](https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763)
Related CVEs
Same vendor
- CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
- CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
- CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
- CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
- CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)
Same CWE
- CVE-2026-46689 — Kanidm is an identity management platform
- CVE-2026-46545 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (7.5 HIGH)
- CVE-2026-46411 — FlashMQ is a MQTT broker/server, designed for multi-CPU environments (6.5 MEDIUM)
- CVE-2026-44505 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
- CVE-2023-43686 — An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later) (6.2 MEDIUM)