CVE-2018-7804

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to insufficient input validation in the microprogram software of Modicon controllers. This can allow an attacker to redirect a user to a malicious site by exploiting the vulnerability. Specifically, a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.

Recommendations For Modicon M340, Premium, Quantum PLCs and BMXNOR0200, consider restricting access to the embedded web server until a fix is available. As a temporary workaround, avoid clicking on links from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.