CRITICAL🇵🇱 Wersja polska

CVE-2018-7809

CVSS 9.8v3.0pub. 2018-11-30upd. 2024-11-21

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Modicom Bmxnor0200h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Bmxnor0200h Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom M340 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Premium

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Premium Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Quantum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicom Quantum Firmware

    OS
    Schneider-Electric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-7811CRITICAL9.8ten sam produkt

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Q...

CVE-2018-7812HIGH7.5ten sam produkt

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M3...

CVE-2018-7833HIGH7.5ten sam produkt

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in al...

CVE-2018-7830HIGH7.5ten sam produkt

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in ...

CVE-2018-7831HIGH8.8ten sam produkt

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the e...