CVE-2018-7241

Name of the Vulnerable Software and Affected Versions Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers (affected versions not specified)

Description The issue is related to hard-coded accounts in the communication modules of the affected controllers. This concern is also associated with the FTP server vulnerability in the programmable logic controllers' firmware, which involves the use of pre-set credentials. Exploitation of this issue could allow a remote attacker to gain access to the device.

Recommendations For all affected versions, consider disabling or restricting access to the FTP server and communication modules until a fix is available. As a temporary workaround, restrict access to the devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.