PT-2018-2172 · Schneider Electric · Bmxnor0200+3

Published

2018-11-23

Updated

2020-08-24

CVE-2018-7831

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to an improper neutralization of script-related HTML tags in a web page, which can be exploited to execute a password change on the web server. An attacker can send a specially crafted URL to a currently authenticated web server user to initiate the password change procedure. This can allow an attacker to change the password of an authenticated user.

Recommendations For Modicon M340, Premium, Quantum PLCs and BMXNOR0200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80CWE-79CWE-352

Related Identifiers

BDU:2019-00125

CVE-2018-7831

Affected Products

Bmxnor0200

Modicon M340

Premium

Quantum

PT-2018-2172 · Schneider Electric · Bmxnor0200+3

CVE-2018-7831

Weakness Enumeration

Related Identifiers

Affected Products

References · 4