CVE-2018-7760

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon Premium versions (affected versions not specified) Schneider Electric Modicon Quantum PLC versions (affected versions not specified) Schneider Electric Modicon M340 versions (affected versions not specified) Schneider Electric Modicon BMXNOR0200 versions (affected versions not specified)

Description: The issue is related to errors in the authentication mechanism of the embedded web server in the controllers, which can be exploited by an attacker to bypass authentication using specially crafted CGI requests. This allows malicious users to bypass authorization.

Recommendations: For Schneider Electric Modicon Premium, update the authentication mechanism to prevent bypassing. For Schneider Electric Modicon Quantum PLC, restrict access to CGI functions until a patch is available. For Schneider Electric Modicon M340, consider disabling the web server functionality as a temporary workaround. For Schneider Electric Modicon BMXNOR0200, avoid using the vulnerable CGI functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.