CVE-2018-7810

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. The vulnerability exists in the embedded web servers of the affected devices, enabling an attacker to inject JavaScript code that will be executed in the user's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.