CVE-2018-7838

Name: CVE-2018-7838
Creator: NVD / NIST
Published: 2019-07-15T21:15:10.477+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.12%

Last modified Jun 17, 2026

CVE-2018-7838 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.

Description

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.12%

61.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Schneider-Electric	Bmenoc0301 Firmware	< 2.16
Schneider-Electric	Modicon M580 Bmep584040 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep586040 Firmware	< 2.90
Schneider-Electric	Bmeh586040 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep581020 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep582020 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep582040 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep583020 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep583040 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep584020 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep585040 Firmware	< 2.90
Schneider-Electric	Modicon M580 Bmep582040s Firmware	< 2.90
Schneider-Electric	Bmeh582040 Firmware	< 2.90

References

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03Vendor Advisory
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03Vendor Advisory

Timeline

Published: Jul 15, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-7838?

How severe is CVE-2018-7838?

CVE-2018-7838 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.12% probability of exploitation in the next 30 days.

How do I fix CVE-2018-7838?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7838?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST