PatchSiren cyber security CVE debrief
CVE-2018-7852 Schneider Electric CVE debrief
A network-reachable denial-of-service issue affects multiple Schneider Electric Modicon controller lines. According to the vendor and CISA advisory material in the source corpus, sending an invalid private command parameter over Modbus can trigger an uncaught exception in the controller and disrupt availability. The supplied record was published on 2019-05-14, and later advisory revisions clarified affected versions and remediation paths. Because these are industrial control systems, the primary impact is loss of controller availability rather than confidentiality or code execution.
- Vendor
- Schneider Electric
- Product
- Modicon M580 Firmware Versions prior to v2.80 installed on Modicon M580 Controller
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2019-05-14
- Original CVE updated
- 2026-04-23
- Advisory published
- 2019-05-14
- Advisory updated
- 2026-04-23
Who should care
OT operators, plant engineers, and security teams responsible for Schneider Electric Modicon M580, M340, Quantum, Premium, or related EcoStruxure Control Expert deployments—especially sites exposing Modbus/TCP or relying on legacy/EOL controller families.
Technical summary
The advisory describes an uncaught-exception condition in controller handling of an invalid private Modbus command parameter. A remote attacker who can reach Modbus/TCP on port 502 may be able to trigger a denial of service by causing the controller to fault or become unavailable. The vendor advisory lists multiple affected product families and provides branch-specific fixes and mitigations, including firmware updates, application passwords, ACLs, network segmentation, and secure communications/IPsec guidance.
Defensive priority
High
Recommended defensive actions
- Update affected firmware to the vendor-fixed version for each product line: Modicon M580 to SV4.20 or above, Modicon M340 to v3.60 or above, Modicon Quantum to v3.60, and Modicon Premium to v3.20 where applicable.
- Update EcoStruxure Control Expert as directed by the vendor and rebuild/transfer projects after changing the controller firmware version.
- Set an application password in project properties for controller applications.
- Restrict or block unauthorized access to Modbus/TCP port 502 with segmentation and firewall rules.
- Configure access control lists per Schneider Electric user manuals and follow the vendor secure-communications/IPsec guidance.
- For EOL Quantum and Premium systems, plan migration to supported platforms and reduce exposure immediately with network controls.
Evidence notes
The core vulnerability statement and remediation guidance come from Schneider Electric and CISA advisory material linked in the source corpus. The affected-systems and fix references are drawn from the CSAF advisory metadata and vendor notice. The source advisory history shows later revisions that corrected version information, so branch-specific remediation should be taken from the vendor documents rather than inferred from the CVE summary alone. PublishedAt in the supplied record is 2019-05-14T16:48:40Z; modifiedAt is a later record-maintenance timestamp and should not be treated as the vulnerability discovery date.
Official resources
-
CVE-2018-7852 CVE record
CVE.org
-
CVE-2018-7852 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published on 2019-05-14 by the advisory source record; later updates in the advisory history clarify affected versions and remediation. Use the supplied 2019-05-14 publication date as the CVE disclosure date.