29 matches found
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7809)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon Cross-site Scripting (CVE-2018-7831)
An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7811)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2018-7812)
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
Security Bulletin: Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2018-3169, CVE-2014-7810, CVE-2018-1767)
Summary: There are multiple vulnerabilities in Websphere, which is used by Control Center. Vulnerability Details: CVEID: CVE-2018-3169 refer to CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and...
Design/Logic Flaw
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing...
Information disclosure
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
CVE-2018-7812
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...
Input validation
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...
CVE-2018-7812
CVE-2018-7812 affects Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200. The embedded web servers expose security-relevant information by returning different responses (information-disclosure via discrepancy), revealing state or operation outcomes. Affects confidentiality (par...
CVE-2018-7804
CVE-2018-7804 affects Schneider Electric Modicon devices: M340, Premium, Quantum PLCs and BMXNOR0200 with embedded web servers. The vulnerability is a URL redirection to an untrusted site triggered when a user clicks a specially crafted link. The issue is an open redirect in the web interface, en...
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...
CVE-2018-7833
CVE-2018-7833 affects the embedded web servers in Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200. A vulnerability described as an improper check for unusual or exceptional conditions allows an unauthenticated remote attacker to send specially crafted XML data via a POST req...
CVE-2018-7804
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing...
CVE-2018-7811
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server...
CVE-2018-7809
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server...
CRLF injection
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for 1 minute by sending a specially crafted HTTP request...
Design/Logic Flaw
An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a...
Cross site scripting
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browse...