CRITICAL🇵🇱 Wersja polska

CVE-2018-7847

CVSS 9.8v3.1pub. 2019-05-22upd. 2024-11-21

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Modicon M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Premium

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Premium Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Quantum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Quantum Firmware

    OS
    Schneider-Electric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSAuth Bypass
CWE
References

Related vulnerabilities

CVE-2020-7475CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...

CVE-2018-7842CRITICAL9.8ten sam produkt

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon...

CVE-2018-7846CRITICAL9.8ten sam produkt

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of th...

CVE-2019-6808CRITICAL9.8ten sam produkt

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Mod...

CVE-2019-6815CRITICAL9.1ten sam produkt

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities...