PatchSiren cyber security CVE debrief
CVE-2018-7853 Schneider Electric CVE debrief
CVE-2018-7853 is a denial-of-service vulnerability in Schneider Electric Modicon M580 firmware. According to the advisory, an uncaught exception can occur when the controller reads invalid physical memory blocks over Modbus, which can disrupt controller availability. The source advisory was originally published on 2019-05-14 and later revised with updated remediation guidance.
- Vendor
- Schneider Electric
- Product
- Modicon M580 Firmware Versions prior to v2.90 installed on Modicon M580 Controller
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2019-05-14
- Original CVE updated
- 2026-04-23
- Advisory published
- 2019-05-14
- Advisory updated
- 2026-04-23
Who should care
OT security teams, PLC engineers, plant operators, and asset owners running Schneider Electric Modicon M580 controllers or managing EcoStruxure Control Expert projects should care most. This is especially important where Modbus/TCP is reachable from plant or enterprise networks.
Technical summary
The advisory states that Modicon M580 firmware versions prior to v2.90 are affected when invalid physical memory blocks are read over Modbus, causing an uncaught exception and denial of service. Schneider Electric’s remediation guidance includes updating the engineering workstation to EcoStruxure Control Expert v16.0, updating the controller to M580 firmware SV4.20 or above, rebuilding and retransferring projects, and applying defensive controls such as application passwords, network segmentation, ACLs, port 502/TCP filtering, secured communications, and memory protection where applicable.
Defensive priority
High
Recommended defensive actions
- Upgrade Modicon M580 controller firmware to SV4.20 or above, as directed in the vendor remediation guidance.
- Update EcoStruxure Control Expert to v16.0 before rebuilding and transferring controller projects.
- Set an application password in project properties and rebuild/retransfer affected projects.
- Restrict and segment OT network access; block unauthorized access to Modbus/TCP port 502 where feasible.
- Review and apply Schneider Electric ACL and secure communications guidance, including IPsec options where supported.
- Enable M580 CPU memory protection where applicable, noting the advisory’s limitation for Hot Standby CPUs.
Evidence notes
The key evidence comes from the Schneider Electric/CISA advisory and the linked vendor notice. The advisory describes an uncaught exception that can cause denial of service when reading invalid physical memory blocks in the controller over Modbus, and it scopes affected M580 firmware to versions prior to v2.90. The remediation text explicitly calls for firmware SV4.20 or above, EcoStruxure Control Expert v16.0, and defensive measures including application passwords, segmentation, ACLs, secured communications, and memory protection. The source record also includes a CVSS v4.0 base score of 8.7 (High) and a CVSS v3.1 vector, so the scoring metadata should be read carefully alongside the advisory text.
Official resources
-
CVE-2018-7853 CVE record
CVE.org
-
CVE-2018-7853 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the Schneider Electric/CISA advisory on 2019-05-14 (ICSA-25-114-01), with later revisions updating remediation details through 2020-12-08.