CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

Tenable Nessus•added 2022/02/07 12:0 a.m.•19 views

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2018-7812)

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...

7.5CVSS7.1AI score0.00833EPSS

Exploits0References3

Tenable Nessus•added 2022/02/07 12:0 a.m.•16 views

Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7809)

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. This plugin only works with Tenable.ot. Please visit...

9.8CVSS7.4AI score0.01984EPSS

Exploits1References3

Tenable Nessus•added 2022/02/07 12:0 a.m.•21 views

Schneider Electric Modicon Cross-site Scripting (CVE-2018-7831)

An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a...

8.8CVSS7.5AI score0.00223EPSS

Exploits1References4

Tenable Nessus•added 2022/02/07 12:0 a.m.•14 views

Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7811)

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server This plugin only works with Tenable.ot. Please visit...

9.8CVSS7.4AI score0.01533EPSS

Exploits1References4

IBM Security Bulletins•added 2020/07/24 10:19 p.m.•42 views

Security Bulletin: Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2018-3169, CVE-2014-7810, CVE-2018-1767)

Summary There are multiple vulnerabilities in Websphere that is used by Control Center. Vulnerability Details CVEID: CVE-2018-3169 refer to CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and...

8.3CVSS0.8AI score0.09485EPSS

Exploits1Affected Software1

Prion•added 2018/12/17 10:29 p.m.•13 views

Input validation

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...

5CVSS7.5AI score0.00455EPSS

Exploits0References1

NVD•added 2018/12/17 10:29 p.m.•15 views

CVE-2018-7833

7.5CVSS7.5AI score0.00455EPSS

Exploits0References1

Prion•added 2018/12/17 10:29 p.m.•17 views

Design/Logic Flaw

A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing...

5.8CVSS6.1AI score0.00197EPSS

Exploits1References1

Prion•added 2018/12/17 10:29 p.m.•12 views

Information disclosure

5CVSS7.4AI score0.00833EPSS

Exploits0References2

NVD•added 2018/12/17 10:29 p.m.•14 views

CVE-2018-7812

7.5CVSS7.5AI score0.00833EPSS

Exploits0References2

CVE•added 2018/12/17 10:0 p.m.•40 views

CVE-2018-7833

CVE-2018-7833 affects the embedded web servers in Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200. A vulnerability described as an improper check for unusual or exceptional conditions allows an unauthenticated remote attacker to send specially crafted XML data via a POST req...

7.5CVSS7.5AI score0.00455EPSS

Exploits0References1Affected Software1

CVE•added 2018/12/17 10:0 p.m.•52 views

CVE-2018-7812

CVE-2018-7812 affects Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200. The embedded web servers expose security-relevant information by returning different responses (information-disclosure via discrepancy), revealing state or operation outcomes. Affects confidentiality (par...

7.5CVSS7.4AI score0.00833EPSS

Exploits0References2Affected Software1

Cvelist•added 2018/12/17 10:0 p.m.•12 views

CVE-2018-7833

7.5AI score0.00455EPSS

Exploits0References1

CVE•added 2018/12/17 10:0 p.m.•48 views

CVE-2018-7804

CVE-2018-7804 affects Schneider Electric Modicon devices: M340, Premium, Quantum PLCs and BMXNOR0200 with embedded web servers. The vulnerability is a URL redirection to an untrusted site triggered when a user clicks a specially crafted link. The issue is an open redirect in the web interface, en...

6.1CVSS6.1AI score0.00197EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/12/17 10:0 p.m.•18 views

CVE-2018-7804

6.1AI score0.00197EPSS

Exploits1References1

Prion•added 2018/11/30 7:29 p.m.•13 views

Design/Logic Flaw

4.3CVSS8.6AI score0.00223EPSS

Exploits1References2

Prion•added 2018/11/30 7:29 p.m.•14 views

Default credentials