CVE-2018-7845

Name of the Vulnerable Software and Affected Versions Modicon M580 (affected versions not specified) Modicon M340 (affected versions not specified) Modicon Quantum (affected versions not specified) Modicon Premium (affected versions not specified)

Description A CWE-125: Out-of-bounds Read issue exists, which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus. The vulnerability is related to a buffer read out-of-bounds condition and can be exploited remotely, allowing an attacker to reveal protected information when reading certain memory blocks in the controller via the Modbus protocol.

Recommendations For Modicon M580, update to a version that fixes the out-of-bounds read issue. For Modicon M340, update to a version that fixes the out-of-bounds read issue. For Modicon Quantum, update to a version that fixes the out-of-bounds read issue. For Modicon Premium, update to a version that fixes the out-of-bounds read issue. As a temporary workaround, consider restricting access to the Modbus protocol to minimize the risk of exploitation.