PT-2018-2173 · Schneider Electric · Bmxnor0200+3

Published

2018-12-07

Updated

2018-12-28

CVE-2018-7812

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Modicon M340, Premium, Quantum PLCs and BMXNOR0200 (affected versions not specified)

Description The issue is related to an Information Exposure through Discrepancy, where the embedded web servers in the affected products send different responses that expose security-relevant information about the state of the product. This could allow an attacker to gain information about the product's security state, such as whether a particular operation was successful or not.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-200

Related Identifiers

BDU:2019-00126

CVE-2018-7812

Affected Products

Bmxnor0200

Modicon M340

Premium

Quantum

PT-2018-2173 · Schneider Electric · Bmxnor0200+3

CVE-2018-7812

Weakness Enumeration

Related Identifiers

Affected Products

References · 4