CRITICAL🇬🇧 English

CVE-2018-7846

CVSS 9.8v3.1pub. 2019-05-22upd. 2024-11-21

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Modicon M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Premium

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Premium Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Quantum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Quantum Firmware

    OS
    Schneider-Electric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-7475CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...

CVE-2018-7842CRITICAL9.8ten sam produkt

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon...

CVE-2018-7847CRITICAL9.8ten sam produkt

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Mod...

CVE-2019-6808CRITICAL9.8ten sam produkt

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Mod...

CVE-2019-6815CRITICAL9.1ten sam produkt

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities...