Details of VAR-201812-0849

ID

VAR-201812-0849

CVE

CVE-2018-7812

TITLE

plural Schneider Electric Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012008

DESCRIPTION

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. plural Schneider Electric The product contains an information disclosure vulnerability.Information may be obtained. SchneiderElectricModiconM340 and others are programmable logic controller products from Schneider Electric of France

Trust: 2.34

sources: NVD: CVE-2018-7812 // JVNDB: JVNDB-2018-012008 // CNVD: CNVD-2019-04439 // IVD: 7d8653b0-463f-11e9-9376-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 7d8653b0-463f-11e9-9376-000c29342cb1 // CNVD: CNVD-2019-04439

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicom premium	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicom m340	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicom quantum	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicom bmxnor0200h	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	bmxnor0200	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon premium plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon quantum plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m340	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon premium	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon quantum	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric bmxnor0200	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicom m340	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicom premium	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicom quantum	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicom bmxnor0200h	scope:	-	version:	-	Trust: 0.6
vendor:	modicom m340	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicom premium	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicom quantum	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicom bmxnor0200h	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d8653b0-463f-11e9-9376-000c29342cb1 // CNVD: CNVD-2019-04439 // JVNDB: JVNDB-2018-012008 // CNNVD: CNNVD-201812-767 // NVD: CVE-2018-7812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7812
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7812
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-04439
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-767
value:	MEDIUM
Trust: 0.6
IVD:	7d8653b0-463f-11e9-9376-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2018-7812
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-04439
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d8653b0-463f-11e9-9376-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7812
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 7d8653b0-463f-11e9-9376-000c29342cb1 // CNVD: CNVD-2019-04439 // JVNDB: JVNDB-2018-012008 // CNNVD: CNNVD-201812-767 // NVD: CVE-2018-7812

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-012008 // NVD: CVE-2018-7812

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-767

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-767

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012008

PATCH

title:	SEVD-2018-327-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/	Trust: 0.8
title:	Patch for SchneiderElectricModiconM340, Premium, QuantumPLC, and BMXNOR0200 Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/153747	Trust: 0.6

sources: CNVD: CNVD-2019-04439 // JVNDB: JVNDB-2018-012008

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7812	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2018-327-01	Trust: 2.2
db:	CNVD	id:	CNVD-2019-04439	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-767	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-012008	Trust: 0.8
db:	IVD	id:	7D8653B0-463F-11E9-9376-000C29342CB1	Trust: 0.2

sources: IVD: 7d8653b0-463f-11e9-9376-000c29342cb1 // CNVD: CNVD-2019-04439 // JVNDB: JVNDB-2018-012008 // CNNVD: CNNVD-201812-767 // NVD: CVE-2018-7812

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2018-327-01/	Trust: 1.6
url:	https://github.com/sadfud/exploits/tree/master/real%20world/scada%20-%20iot%20systems/cve-2018-7812	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7812	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7812	Trust: 0.8
url:	https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_name=sevd-2018-327-01-embedded-web-servers-modicon-v2.pdf&p_doc_ref=sevd-2018-327-01	Trust: 0.6

sources: CNVD: CNVD-2019-04439 // JVNDB: JVNDB-2018-012008 // CNNVD: CNNVD-201812-767 // NVD: CVE-2018-7812

SOURCES

db:	IVD	id:	7d8653b0-463f-11e9-9376-000c29342cb1
db:	CNVD	id:	CNVD-2019-04439
db:	JVNDB	id:	JVNDB-2018-012008
db:	CNNVD	id:	CNNVD-201812-767
db:	NVD	id:	CVE-2018-7812

LAST UPDATE DATE

2024-11-23T21:52:39.582000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-04439	date:	2019-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-012008	date:	2019-01-29T00:00:00
db:	CNNVD	id:	CNNVD-201812-767	date:	2018-12-18T00:00:00
db:	NVD	id:	CVE-2018-7812	date:	2024-11-21T04:12:46.700

SOURCES RELEASE DATE

db:	IVD	id:	7d8653b0-463f-11e9-9376-000c29342cb1	date:	2019-02-18T00:00:00
db:	CNVD	id:	CNVD-2019-04439	date:	2019-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-012008	date:	2019-01-29T00:00:00
db:	CNNVD	id:	CNNVD-201812-767	date:	2018-12-18T00:00:00
db:	NVD	id:	CVE-2018-7812	date:	2018-12-17T22:29:00.297