PT-2018-2173 · Schneider Electric · Bmxnor0200+3

Publicado

2018-12-07

Atualizado

2018-12-28

CVE-2018-7812

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to an Information Exposure through Discrepancy, where the embedded web servers in the affected products send different responses that expose security-relevant information about the state of the product. This could allow an attacker to gain information about the product's security state, such as whether a particular operation was successful or not.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203CWE-200

Identificadores relacionados

BDU:2019-00126

CVE-2018-7812

Produtos afetados

Bmxnor0200

Modicon M340

Premium

Quantum

PT-2018-2173 · Schneider Electric · Bmxnor0200+3

CVE-2018-7812

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4