← Back

CVE-2018-7833

nvd nist
Published: Dec 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable

Affected (4)

Schneider Electric
4 products
Modicom M340 Firmware
Modicom Premium Firmware
Modicom Quantum Firmware
Modicom Bmxnor0200h Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom M340
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Premium Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Premium
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Quantum Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Quantum
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicom Bmxnor0200h Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicom Bmxnor0200h
All versions

Related CWEs

CWE-754
Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.