PT-2019-2342 · Schneider Electric · BMxCRA312xx +4

Published: 2019-05-14 · Updated: 2024-04-10 · CVE-2018-7851

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M580 versions prior to V2.50
Modicon M340 versions prior to V3.01
BMxCRA312xx versions prior to V2.40
Modicon Premium (all firmware versions)
140CRA312xxx (all firmware versions)

Description

The issue is related to buffer errors in the firmware of certain Modicon programmable logic controllers. Exploitation of this issue could allow a remote attacker to cause a denial of service by sending a specially crafted Modbus packet, forcing the device to restart to restore availability.

Recommendations

For Modicon M580 versions prior to V2.50, update the firmware to V2.50 or later.
For Modicon M340 versions prior to V3.01, update the firmware to V3.01 or later.
For BMxCRA312xx versions prior to V2.40, update the firmware to V2.40 or later.
For Modicon Premium and 140CRA312xxx, consider restricting access to the Modbus protocol until a firmware update is available.
As a temporary workaround, consider implementing network segmentation to limit the attack surface.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-02117
CVE-2018-7851

Affected Products

140CRA312xxx
BMxCRA312xx
Modicon M340
Modicon M580
Modicon Premium