PatchSiren cyber security CVE debrief
CVE-2018-7848 Schneider Electric CVE debrief
CVE-2018-7848 is an information exposure issue in Schneider Electric Modicon controllers where reading files from the controller over Modbus could disclose SNMP information. The public advisory and CSAF material identify firmware fixes for some platforms and recommend network segmentation, access control, and application-password protections for exposed OT environments.
- Vendor: Schneider Electric
- Product: Modicon M580 Controller
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2019-05-14
- Original CVE updated: 2026-04-23
- Advisory published: 2019-05-14
- Advisory updated: 2026-04-23
Who should care
OT and industrial control system operators using Schneider Electric Modicon M580, M340, Quantum, Quantum Safety, or Premium controllers; engineering teams managing EcoStruxure Control Expert projects; and defenders responsible for Modbus-exposed PLC networks.
Technical summary
The source advisory describes a disclosure flaw tied to reading controller files over Modbus, with SNMP information potentially exposed. Affected products in the corpus include Modicon M580 firmware prior to v2.90, Modicon M340 firmware prior to v3.10, and all versions of Modicon Quantum Safety and Premium firmware; the advisory also lists Quantum as affected. Schneider Electric provides fixes for M580 (SV4.20 or above) and M340 (v3.60 or above), while Quantum and Premium are listed as end-of-life with no fix planned. Recommended mitigations include setting an application password, restricting access to port 502/TCP, using ACLs, and applying secure communication or VPN/firewall protections where appropriate.
Defensive priority
Medium overall, higher if Modbus access is reachable from untrusted networks or if the affected controller is exposed in production OT segments.
Recommended defensive actions
- Update affected Schneider Electric firmware to the vendor-fixed versions where available: M580 SV4.20 or above and M340 v3.60 or above.
- Update EcoStruxure Control Expert projects to match the controller firmware version, set an application password, rebuild, and transfer projects as directed by the vendor.
- Restrict or segment Modbus traffic and block unauthorized access to TCP port 502.
- Configure access control lists according to the vendor manuals referenced in the advisory.
- Use secure communications, VPN, firewall, or IPsec guidance from the Schneider Electric reference materials when applicable.
- For Quantum and Premium systems, plan migration because the advisory lists them as end-of-life with no fix planned.
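As an added example (not code from Schneider Electric, CISA, or the advisory), the following Python sketch triages a controller inventory against the version boundaries stated on this page. The host names, status labels, and inventory rows are constructed for illustration, and it assumes firmware strings follow a major.minor form such as v2.80 or SV4.20, with the minor part compared as an integer.

```python
import re

# Boundaries taken from this page: (affected if below, vendor-fixed at or above)
VERSIONED = {"M580": ((2, 90), (4, 20)), "M340": ((3, 10), (3, 60))}
# Families the page lists as affected with no fixed firmware given
NO_FIX_LISTED = {"QUANTUM", "QUANTUM SAFETY", "PREMIUM"}


def parse_version(text):
    """Parse 'v2.80', 'SV4.20' or '3.10' into a comparable (major, minor) tuple."""
    m = re.fullmatch(r"\s*(?:SV|V)?\s*(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def triage(model, firmware):
    """Return a status label (labels are this example's own, not the vendor's)."""
    family = model.upper().replace("MODICON", "").strip()
    if family in NO_FIX_LISTED:
        return "mitigate"  # no fixed firmware on this page: restrict 502/TCP, plan migration
    if family not in VERSIONED:
        return "unknown"
    affected_below, fixed_from = VERSIONED[family]
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown"  # unreadable version: verify on the controller itself
    if version < affected_below:
        return "affected"  # inside the listed affected range: update firmware
    if version >= fixed_from:
        return "fixed"
    return "review"  # outside the affected range but below the vendor-fixed version


# Constructed sample inventory: (host, model, firmware)
INVENTORY = [
    ("plc-line1", "Modicon M580", "v2.80"),
    ("plc-line2", "Modicon M580", "SV4.20"),
    ("plc-line3", "Modicon M580", "v3.10"),
    ("plc-pump1", "Modicon M340", "3.01"),
    ("plc-old1", "Modicon Premium", "v3.20"),
    ("plc-x", "Modicon M340", "unknown"),
]


def triage_inventory(rows):
    return {host: triage(model, fw) for host, model, fw in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:10} {status}")
```

The "review" status covers firmware that is not in the affected range listed here but is still older than the vendor-fixed version, so those controllers are worth checking against the advisory directly.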
Evidence notes
The source corpus states that the vulnerability can disclose SNMP information when reading controller files over Modbus. The Schneider Electric advisory and CISA CSAF revision history show publication on 2019-05-14, with later advisory updates and product-specific remediation changes in subsequent revisions. The corpus also contains a CVSS v4.0 8.2 High statement in the advisory text, while the structured CVE object lists CVSS 5.9 Medium; this debrief preserves both as a source-corpus inconsistency rather than normalizing them.
Official resources
- CVE-2018-7848 CVE record (CVE.org)
- CVE-2018-7848 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2019-05-14 in the source advisory and CVE record. The advisory timeline in the corpus shows later revisions through 2020-12-08 for remediation and mitigation updates.