PT-2018-2170 · Schneider Electric · Bmxnor0200+3

Published

2018-11-28

Updated

2019-10-02

CVE-2018-7811

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs versions (affected versions not specified) BMXNOR0200 versions (affected versions not specified)

Description The issue is related to the lack of necessary checks when changing passwords in the programmable logic controllers' software. This could allow an unauthenticated user to access the password change function of the web server.

Recommendations For Modicon M340, Premium, Quantum PLCs, restrict access to the password change function of the web server until a fix is available. For BMXNOR0200, consider disabling remote access to the web server as a temporary workaround until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-620CWE-640

Related Identifiers

BDU:2019-00123

CVE-2018-7811

Affected Products

Bmxnor0200

Modicon M340

Premium

Quantum Plcs

PT-2018-2170 · Schneider Electric · Bmxnor0200+3

CVE-2018-7811

Weakness Enumeration

Related Identifiers

Affected Products

References · 5