ID

VAR-201811-0565


CVE

CVE-2018-7809


TITLE

Vulnerability related to the password management function in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012800

DESCRIPTION

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. Multiple Modicon products contain a vulnerability related to the password management function. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Modicon M340 and others are programmable logic controller products of Schneider Electric (France). Unknown vulnerabilities exist in multiple Schneider Electric products. An attacker could use this vulnerability to delete or reset an existing username and password.

Trust: 2.34

sources: NVD: CVE-2018-7809 // JVNDB: JVNDB-2018-012800 // CNVD: CNVD-2019-45184 // IVD: f73f0567-fe59-4f30-8753-c4f2626662f2

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: f73f0567-fe59-4f30-8753-c4f2626662f2 // CNVD: CNVD-2019-45184

AFFECTED PRODUCTS

vendor: schneider electric, model: modicom premium, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicom m340, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicom quantum, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicom bmxnor0200h, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: bmxnor0200, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m340 plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon premium plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon quantum plc, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric bmxnor0200, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric premium, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric quantum plcs, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon m340, scope: -, version: -

Trust: 0.6

vendor: schneider electric, model: modicom m340, scope: -, version: -

Trust: 0.6

vendor: schneider electric, model: modicom premium, scope: -, version: -

Trust: 0.6

vendor: schneider electric, model: modicom quantum, scope: -, version: -

Trust: 0.6

vendor: schneider electric, model: modicom bmxnor0200h, scope: -, version: -

Trust: 0.6

vendor: modicom m340, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicom premium, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicom quantum, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicom bmxnor0200h, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: f73f0567-fe59-4f30-8753-c4f2626662f2 // CNVD: CNVD-2019-45184 // JVNDB: JVNDB-2018-012800 // CNNVD: CNNVD-201811-883 // NVD: CVE-2018-7809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7809
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7809
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-45184
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-883
value: MEDIUM

Trust: 0.6

IVD: f73f0567-fe59-4f30-8753-c4f2626662f2
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7809
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-45184
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f73f0567-fe59-4f30-8753-c4f2626662f2
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7809
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: f73f0567-fe59-4f30-8753-c4f2626662f2 // CNVD: CNVD-2019-45184 // JVNDB: JVNDB-2018-012800 // CNNVD: CNNVD-201811-883 // NVD: CVE-2018-7809

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.8

sources: JVNDB: JVNDB-2018-012800 // NVD: CVE-2018-7809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-883

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-883

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012800

PATCH

title: SEVD-2018-327-01, url: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon-V2.pdf&p_Doc_Ref=SEVD-2018-327-01

Trust: 0.8

title: Multiple Schneider Electric Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87099

Trust: 0.6

sources: JVNDB: JVNDB-2018-012800 // CNNVD: CNNVD-201811-883

EXTERNAL IDS

db: NVD, id: CVE-2018-7809

Trust: 3.2

db: SCHNEIDER, id: SEVD-2018-327-01

Trust: 2.2

db: TENABLE, id: TRA-2018-38

Trust: 1.6

db: CNVD, id: CNVD-2019-45184

Trust: 0.8

db: CNNVD, id: CNNVD-201811-883

Trust: 0.8

db: JVNDB, id: JVNDB-2018-012800

Trust: 0.8

db: IVD, id: F73F0567-FE59-4F30-8753-C4F2626662F2

Trust: 0.2

sources: IVD: f73f0567-fe59-4f30-8753-c4f2626662f2 // CNVD: CNVD-2019-45184 // JVNDB: JVNDB-2018-012800 // CNNVD: CNNVD-201811-883 // NVD: CVE-2018-7809

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2018-327-01/

Trust: 2.2

url:https://www.tenable.com/security/research/tra-2018-38

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7809

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7809

Trust: 0.8

sources: CNVD: CNVD-2019-45184 // JVNDB: JVNDB-2018-012800 // CNNVD: CNNVD-201811-883 // NVD: CVE-2018-7809

SOURCES

db: IVD, id: f73f0567-fe59-4f30-8753-c4f2626662f2
db: CNVD, id: CNVD-2019-45184
db: JVNDB, id: JVNDB-2018-012800
db: CNNVD, id: CNNVD-201811-883
db: NVD, id: CVE-2018-7809

LAST UPDATE DATE

2024-11-23T21:52:39.519000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-45184, date: 2019-12-13T00:00:00
db: JVNDB, id: JVNDB-2018-012800, date: 2019-02-07T00:00:00
db: CNNVD, id: CNNVD-201811-883, date: 2018-12-03T00:00:00
db: NVD, id: CVE-2018-7809, date: 2024-11-21T04:12:46.357

SOURCES RELEASE DATE

db: IVD, id: f73f0567-fe59-4f30-8753-c4f2626662f2, date: 2019-12-13T00:00:00
db: CNVD, id: CNVD-2019-45184, date: 2019-12-12T00:00:00
db: JVNDB, id: JVNDB-2018-012800, date: 2019-02-07T00:00:00
db: CNNVD, id: CNNVD-201811-883, date: 2018-11-29T00:00:00
db: NVD, id: CVE-2018-7809, date: 2018-11-30T19:29:00.437