PT-2017-3703 · Schneider Electric · Modicon Premium+3

Aleksandr Melkikh +2 · Published 2017-04-28 · Updated 2024-04-10 · CVE-2018-7761

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Schneider Electric Modicon BMXNOR0200 (affected versions not specified)
Schneider Electric Modicon M340 (affected versions not specified)
Schneider Electric Modicon Premium (affected versions not specified)
Schneider Electric Modicon Quantum PLC (affected versions not specified)
Description: The issue is related to an error in parsing HTTP requests in the embedded web server of the affected devices. This could allow a remote attacker to execute arbitrary code on the web server using specially crafted HTTP requests.
Recommendations:
For Schneider Electric Modicon BMXNOR0200, consider disabling the HTTP request parser until a patch is available.
For Schneider Electric Modicon M340, restrict access to the web server to minimize the risk of exploitation.
For Schneider Electric Modicon Premium, avoid using the web server for critical operations until the issue is resolved.
For Schneider Electric Modicon Quantum PLC, limit network exposure of the device to reduce the risk of remote exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Related Identifiers

BDU:2018-01065
CVE-2018-7761

Affected Products

Modicon BMXNOR0200
Modicon M340
Modicon Premium
Modicon Quantum PLC