PT-2018-2169 · Schneider Electric · Bmxnor0200+3

Published

2018-11-28

Updated

2018-12-28

CVE-2018-7810

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. The vulnerability exists in the embedded web servers of the affected devices, enabling an attacker to inject JavaScript code that will be executed in the user's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-00122

CVE-2018-7810

Affected Products

Bmxnor0200

Modicon M340

Premium

Quantum

PT-2018-2169 · Schneider Electric · Bmxnor0200+3

CVE-2018-7810

Weakness Enumeration

Related Identifiers

Affected Products

References · 4