CVE-2018-7831

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to an improper neutralization of script-related HTML tags in a web page, which can be exploited to execute a password change on the web server. An attacker can send a specially crafted URL to a currently authenticated web server user to initiate the password change procedure. This can allow an attacker to change the password of an authenticated user.

Recommendations For Modicon M340, Premium, Quantum PLCs and BMXNOR0200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.