Lucene search

[email protected]NVD:CVE-2018-7833

HistoryDec 17, 2018 - 10:29 p.m.

CVE-2018-7833

2018-12-1722:29:00

CWE-754

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.6%

JSON

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable

Affected configurations

NVD

Node

schneider-electricmodicom_m340_firmware

AND

schneider-electricmodicom_m340Match-

Node

schneider-electricmodicom_premium_firmware

AND

schneider-electricmodicom_premium

Node

schneider-electricmodicom_quantum_firmware

AND

schneider-electricmodicom_quantum

Node

schneider-electricmodicom_bmxnor0200h_firmware

AND

schneider-electricmodicom_bmxnor0200hMatch-

References

www.schneider-electric.com/en/download/document/SEVD-2018-327-01/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for NVD:CVE-2018-7833

nessus2 cvelist1 cve1 prion1