CVE-2018-7758

Published: Apr 18, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number.

Affected (23)

Products: Schneider Electric: Micom P141 Firmware, Micom P142 Firmware, Micom P143 Firmware, Micom P145 Firmware, Micom P642 Firmware, Micom P643 Firmware, Micom P645 Firmware, Micom P849 Firmware, Micom P746 Firmware, Micom P841a Firmware, Micom P841b Firmware, Micom P443 Firmware, Micom P445 Firmware, Micom P446 Firmware, Micom P441 Firmware, Micom P442 Firmware, Micom P444 Firmware, Micom P541 Firmware, Micom P542 Firmware, Micom P543 Firmware, Micom P544 Firmware, Micom P545 Firmware, Micom P546 Firmware

23 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P141 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P141	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P142 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P142	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P143 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P143	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P145 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P145	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P642 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P642	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P643 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P643	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P645 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P645	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P849 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P849	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P746 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P746	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P841a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P841a	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P841b Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P841b	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P443 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P443	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P445 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P445	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P446 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P446	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P441 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P441	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P442 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P442	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P444 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P444	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P541 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P541	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P542 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P542	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P543 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P543	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P544 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P544	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P545 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P545	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom P546 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Micom P546	All versions

Related CWEs

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (6)

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.