CVE-2018-7849

Name of the Vulnerable Software and Affected Versions Modicon M580 versions (affected versions not specified) Modicon M340 versions (affected versions not specified) Modicon Quantum versions (affected versions not specified) Modicon Premium versions (affected versions not specified)

Description The issue is related to an uncaught exception in the programmable logic controller's software, which can be exploited by a remote attacker to cause a denial of service. This occurs when the controller improperly checks the integrity of files sent over the Modbus protocol, specifically when the files have incorrect checksums.

Recommendations For Modicon M580, update the software to a version that properly handles exceptions and checks data integrity. For Modicon M340, implement a workaround to correctly validate the integrity of files sent over Modbus. For Modicon Quantum, restrict access to the Modbus protocol until a patch is available that fixes the improper data integrity check. For Modicon Premium, consider disabling the Modbus protocol temporarily until a software update is released that addresses the uncaught exception vulnerability.