HIGH🇬🇧 English

CVE-2018-7830

CVSS 7.5v3.0pub. 2018-11-30upd. 2024-11-21

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Schneider Electric Modicom Bmxnor0200h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Bmxnor0200h Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom M340 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Premium

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Premium Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Quantum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Quantum Firmware

    OS
    Schneider-Electric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2018-7811CRITICAL9.8ten sam produkt

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Q...

CVE-2018-7809CRITICAL9.8ten sam produkt

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Q...

CVE-2018-7812HIGH7.5ten sam produkt

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M3...

CVE-2018-7833HIGH7.5ten sam produkt

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in al...

CVE-2018-7831HIGH8.8ten sam produkt

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the e...