The vulnerability of FTP servers of microprogrammed software-controlled Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 allows a intruder to gain access to the devices.

🗓️ 14 Jun 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

FTP server vulnerability on Schneider Electric Modicon controllers allows remote access via preinstalled credentials.

Reporter	Title	Published	Views	Family All 11
Tenable Nessus	Schneider Electric Modicon Multiple Controllers Hardcoded Credentials	8 May 201900:00	–	nessus
Tenable Nessus	Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Use of Hard-Coded Credentials (CVE-2018-7241)	29 Jun 202300:00	–	nessus
CNVD	Schneider Electric uses hard-coded certificate vulnerability in several products	28 Mar 201800:00	–	cnvd
CVE	CVE-2018-7241	18 Apr 201820:00	–	cve
Cvelist	CVE-2018-7241	18 Apr 201820:00	–	cvelist
ICS	Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200	27 Mar 201800:00	–	ics
NCSC	Vulnerabilities fixed in Schneider Electric products	14 May 202100:00	–	ncsc
NVD	CVE-2018-7241	18 Apr 201820:29	–	nvd
Prion	Hardcoded credentials	18 Apr 201820:29	–	prion
Positive Technologies	PT-2018-1294 · Schneider Electric · Modicon M340 +3	22 Mar 201800:00	–	ptsecurity

Source	Link
securityfocus	www.securityfocus.com/bid/103542
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-086-01
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
securitylab	www.securitylab.ru/news/492333.php
web	www.web.nvd.nist.gov/view/vuln/detail
securitylab	www.securitylab.ru/lab/PT-2018-16

23 Mar 2021 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 39.8

CVSS 210

EPSS0.00552

Schneider Electric Modicon Modicon Premium Modicon Quantum Modicon M340 Modicon BMXNOR0200 FTP vulnerability Preinstalled credentials