PatchSiren cyber security CVE debrief
CVE-2018-7844 Schneider Electric CVE debrief
CVE-2018-7844 is an information exposure issue in Schneider Electric Modicon controller ecosystems. According to the advisory, reading memory blocks from affected controllers over Modbus could disclose SNMP information. The risk is highest in networks where Modbus services are reachable across insufficiently segmented OT or enterprise environments, especially on port 502/TCP. Schneider Electric’s guidance focuses on access control, segmentation, secure communications, and product-specific mitigations; some legacy product lines are end-of-life and have no fix planned.
- Vendor
- Schneider Electric
- Product
- Modicon M580 Controller
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2019-05-14
- Original CVE updated
- 2026-04-23
- Advisory published
- 2019-05-14
- Advisory updated
- 2026-04-23
Who should care
Industrial control system operators, OT network/security teams, plant engineers, and administrators responsible for Schneider Electric Modicon M580, M340, Quantum, Quantum Safety, and Premium deployments.
Technical summary
The advisory describes an information disclosure condition in which Modbus reads of controller memory blocks can reveal SNMP-related information. The supplied record lists affected Schneider Electric Modicon product families including M580, M340, Quantum, Quantum Safety, and Premium. Mitigations call out restricting access to Modbus on port 502/TCP, using access control lists, enabling application passwords, and using secure communications/IPsec or firewall/VPN controls where supported. For Quantum, Quantum Safety, and Premium products, the notice states no fix is planned because those lines are end of life.
Defensive priority
High priority for OT environments where affected Modicon controllers are reachable from broader networks or where Modbus access is not tightly controlled. Treat as an immediate hardening task for exposed controllers and as a migration decision for end-of-life product lines.
Recommended defensive actions
- Block unauthorized access to Modbus services on port 502/TCP with firewall rules and OT segmentation.
- Apply vendor-recommended access control lists and project/application password protections where supported.
- Enable secure communications or IPsec-based protections using the vendor-documented modules and procedures for supported platforms.
- For end-of-life Quantum, Quantum Safety, and Premium deployments, plan migration to supported platforms and retain compensating controls until replacement.
- Review controller exposure paths from IT networks, remote access links, and vendor/service connections to ensure Modbus is not broadly reachable.
- Follow the Schneider Electric advisory and product manuals referenced in the official notice for product-specific mitigation steps.
Evidence notes
The supplied CISA CSAF source and Schneider Electric references state that an information exposure vulnerability can disclose SNMP information when reading memory blocks from the controller over Modbus. The remediation text specifically calls out network segmentation, blocking port 502/TCP, ACL configuration, application passwords, and secure communications/IPsec guidance. The source record also indicates that Quantum, Quantum Safety, and Premium products are end of life with no fix planned. The public advisory date in the supplied timeline is 2019-05-14.
Official resources
-
CVE-2018-7844 CVE record
CVE.org
-
CVE-2018-7844 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory date: 2019-05-14. The supplied record’s timeline should be used for issue context, not the later modified date.