← Back

CVE-2018-7804

nvd nist
Published: Dec 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.

Affected (4)

Schneider Electric
4 products
Modicom M340 Firmware
Modicom Premium Firmware
Modicom Quantum Firmware
Modicom Bmxnor0200h Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom M340
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Premium Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Premium
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Quantum Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Quantum
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Bmxnor0200h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Bmxnor0200h
All versions

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.