Intrusion Prevention

Schneider.Electric.Modicon.M580.0x34.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in Schneider Electric Modicon M580.
The vulnerability is caused by a design issue when the vulnerable software handles a crafted Modbus request. It allows remote attackers to retrieve sensitive information within the context of the application, via a crafted Modbus request.

Affected Products

Schneider Electric Modicon M340
Schneider Electric Modicon M580

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

CVE References

CVE-2018-7848