HIGH🇬🇧 English

CVE-2018-7831

CVSS 8.8v3.0pub. 2018-11-30upd. 2024-11-21

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Schneider Electric Modicom Bmxnor0200h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Bmxnor0200h Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom M340 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Premium

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Premium Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Quantum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Quantum Firmware

    OS
    Schneider-Electric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2018-7811CRITICAL9.8ten sam produkt

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Q...

CVE-2018-7809CRITICAL9.8ten sam produkt

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Q...

CVE-2018-7812HIGH7.5ten sam produkt

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M3...

CVE-2018-7833HIGH7.5ten sam produkt

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in al...

CVE-2018-7830HIGH7.5ten sam produkt

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in ...