Strix
26.1K

CVE-2018-7759

UnknownEPSS 1.05%

Last modified

CVE-2018-7759 is a vulnerability of currently unknown severity. A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.

Description

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.

Metrics

EPSS Probability
1.05%

59.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Schneider-ElectricBmxnor0200 FirmwareAll versions
Schneider-ElectricBmxnor0200h FirmwareAll versions
Schneider-Electric140cpu65150 FirmwareAll versions
Schneider-Electric140cpu31110 FirmwareAll versions
Schneider-Electric140cpu43412u FirmwareAll versions
Schneider-Electric140cpu65160 FirmwareAll versions
Schneider-Electric140cpu65260 FirmwareAll versions
Schneider-Electric140cpu65860 FirmwareAll versions
Schneider-Electric140cpu65160s FirmwareAll versions
Schneider-Electric140cpu65150c FirmwareAll versions
Schneider-Electric140cpu31110c FirmwareAll versions
Schneider-Electric140cpu43412uc FirmwareAll versions
Schneider-Electric140cpu65160c FirmwareAll versions
Schneider-Electric140cpu65260c FirmwareAll versions
Schneider-Electric140cpu65860c FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp341000 FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp342000 FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp3420102 FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp3420102cl FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp342020 FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp3420302 FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp3420302cl FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp3420302h FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp342020h FirmwareAll versions
Schneider-ElectricModicon M340 Bmxp341000h FirmwareAll versions
Schneider-ElectricTsxh5724m FirmwareAll versions
Schneider-ElectricTsxh5744m FirmwareAll versions
Schneider-ElectricTsxp57104m FirmwareAll versions
Schneider-ElectricTsxp57154m FirmwareAll versions
Schneider-ElectricTsxp571634m FirmwareAll versions
Schneider-ElectricTsxp57204m FirmwareAll versions
Schneider-ElectricTsxp57254m FirmwareAll versions
Schneider-ElectricTsxp572634m FirmwareAll versions
Schneider-ElectricTsxp57304m FirmwareAll versions
Schneider-ElectricTsxp57354m FirmwareAll versions
Schneider-ElectricTsxp573634m FirmwareAll versions
Schneider-ElectricTsxp57454m FirmwareAll versions
Schneider-ElectricTsxp574634m FirmwareAll versions
Schneider-ElectricTsxp575634m FirmwareAll versions
Schneider-ElectricTsxp576634m FirmwareAll versions
Schneider-ElectricTsxh5724mc FirmwareAll versions
Schneider-ElectricTsxh5744mc FirmwareAll versions
Schneider-ElectricTsxp57104mc FirmwareAll versions
Schneider-ElectricTsxp57154mc FirmwareAll versions
Schneider-ElectricTsxp571634mc FirmwareAll versions
Schneider-ElectricTsxp57204mc FirmwareAll versions
Schneider-ElectricTsxp57254mc FirmwareAll versions
Schneider-ElectricTsxp572634mc FirmwareAll versions
Schneider-ElectricTsxp57304mc FirmwareAll versions
Schneider-ElectricTsxp57354mc FirmwareAll versions

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-7759?
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
How severe is CVE-2018-7759?
Severity scoring for CVE-2018-7759 is pending analysis. The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.
How do I fix CVE-2018-7759?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7759?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST