← Back

CVE-2018-7809

nvd nist
Published: Nov 30, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

Affected (4)

Schneider Electric
4 products
Modicom M340 Firmware
Modicom Premium Firmware
Modicom Quantum Firmware
Modicom Bmxnor0200h Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom M340
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Premium Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Premium
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Quantum Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Quantum
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Bmxnor0200h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Bmxnor0200h
All versions

Related CWEs

CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

Source: cybersecurity@se.com
Vendor Advisory
Source: cybersecurity@se.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.