Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OT_500311.NASLHistoryNov 08, 2019 - 12:00 a.m.
Schneider-electric Modicom Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
2019-11-0800:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
0.004 Low
EPSS
Percentile
72.6%
Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.
File data ot_500311.nasl| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | modicom_m340_firmware | * | cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_m340 | - | cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:* |
| schneider-electric | modicom_premium_firmware | * | cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_premium | * | cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_quantum_firmware | * | cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_quantum | * | cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_bmxnor0200h_firmware | * | cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_bmxnor0200h | - | cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2018-7830
2018-11-30 19:00:00
prion
prion
Crlf injection
2018-11-30 19:29:00
cve
cve
CVE-2018-7830
2018-11-30 19:29:00
nessus
nessus
Schneider Electric Modicon HTTP Request/Response Splitting (CVE-2018-7830)
2022-02-07 00:00:00
nvd
nvd
CVE-2018-7830
2018-11-30 19:29:00