← Back

CVE-2018-7812

nvd nist
Published: Dec 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Affected (4)

Schneider Electric
4 products
Modicom M340 Firmware
Modicom Premium Firmware
Modicom Quantum Firmware
Modicom Bmxnor0200h Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom M340
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Premium Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Premium
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Quantum Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Quantum
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Bmxnor0200h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Bmxnor0200h
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cybersecurity@se.com
Third Party Advisory
Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.