CVE-2018-7854

Name of the Vulnerable Software and Affected Versions Modicon M580 (affected versions not specified) Modicon M340 (affected versions not specified) Modicon Quantum (affected versions not specified) Modicon Premium (affected versions not specified)

Description A vulnerability exists in the software of the Modicon programmable logic controller related to an uncaught exception. This issue could cause a denial of service when sending invalid debug parameters to the controller over Modbus. The vulnerability can be exploited remotely.

Recommendations For Modicon M580, update to a version that includes a fix for this issue, if available. For Modicon M340, update to a version that includes a fix for this issue, if available. For Modicon Quantum, update to a version that includes a fix for this issue, if available. For Modicon Premium, update to a version that includes a fix for this issue, if available. As a temporary workaround, consider restricting access to the Modbus protocol to minimize the risk of exploitation. Avoid using invalid debug parameters in the Modbus protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.