CVE-2018-7793

Published: Dec 24, 2018Modified: Nov 21, 2024

8.7

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.

Affected (4)

Products: Schneider Electric: Foxboro Dcs, Foxboro Evo, Foxview, Ia Series

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Foxboro Dcs	Before ccs_9.4
Schneider Electric Foxboro Evo	Before ccs_9.4
Schneider Electric Foxview	Version 10.5
Schneider Electric Ia Series	Before ccs_9.4

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.