Lucene search

[email protected]CVE-2018-7762

HistoryApr 18, 2018 - 8:29 p.m.

CVE-2018-7762

2018-04-1820:29:00

CWE-119

[email protected]

web.nvd.nist.gov

schneider electric

modicon

m340

premium

quantum plc

vulnerability

buffer overflow

nvd

cve-2018-7762

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

A vulnerability exists in the web services to process SOAP requests in Schneider Electric’s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.

Affected configurations

NVD

Node

schneider-electricbmxnor0200_firmwareMatch-

AND

schneider-electricbmxnor0200Match-

Node

schneider-electricbmxnor0200h_firmwareMatch-

AND

schneider-electricbmxnor0200hMatch-

Node

schneider-electric140cpu65150_firmwareMatch-

AND

schneider-electric140cpu65150Match-

Node

schneider-electric140cpu31110_firmwareMatch-

AND

schneider-electric140cpu31110Match-

Node

schneider-electric140cpu43412u_firmwareMatch-

AND

schneider-electric140cpu43412uMatch-

Node

schneider-electric140cpu65160_firmwareMatch-

AND

schneider-electric140cpu65160Match-

Node

schneider-electric140cpu65260_firmwareMatch-

AND

schneider-electric140cpu65260Match-

Node

schneider-electric140cpu65860_firmwareMatch-

AND

schneider-electric140cpu65860Match-

Node

schneider-electric140cpu65160s_firmwareMatch-

AND

schneider-electric140cpu65160sMatch-

Node

schneider-electric140cpu65150c_firmwareMatch-

AND

schneider-electric140cpu65150cMatch-

Node

schneider-electric140cpu31110c_firmwareMatch-

AND

schneider-electric140cpu31110cMatch-

Node

schneider-electric140cpu43412uc_firmwareMatch-

AND

schneider-electric140cpu43412ucMatch-

Node

schneider-electric140cpu65160c_firmwareMatch-

AND

schneider-electric140cpu65160cMatch-

Node

schneider-electric140cpu65160c_firmwareMatch-

AND

schneider-electric140cpu65160cMatch-

Node

schneider-electric140cpu65260c_firmwareMatch-

AND

schneider-electric140cpu65260cMatch-

Node

schneider-electric140cpu65860c_firmwareMatch-

AND

schneider-electric140cpu65860cMatch-

Node

schneider-electricmodicon_m340_bmxp341000_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp341000Match-

Node

schneider-electricmodicon_m340_bmxp342000_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp342000Match-

Node

schneider-electricmodicon_m340_bmxp3420102_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp3420102Match-

Node

schneider-electricmodicon_m340_bmxp3420102cl_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp3420102clMatch-

Node

schneider-electricmodicon_m340_bmxp342020_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp342020Match-

Node

schneider-electricmodicon_m340_bmxp3420302_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp3420302Match-

Node

schneider-electricmodicon_m340_bmxp3420302cl_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp3420302clMatch-

Node

schneider-electricmodicon_m340_bmxp3420302h_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp3420302hMatch-

Node

schneider-electricmodicon_m340_bmxp342020h_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp342020hMatch-

Node

schneider-electricmodicon_m340_bmxp341000h_firmwareMatch-

AND

schneider-electricmodicon_m340_bmxp341000hMatch-

Node

schneider-electrictsxh5724m_firmwareMatch-

AND

schneider-electrictsxh5724mMatch-

Node

schneider-electrictsxh5744m_firmwareMatch-

AND

schneider-electrictsxh5744mMatch-

Node

schneider-electrictsxp57104m_firmwareMatch-

AND

schneider-electrictsxp57104mMatch-

Node

schneider-electrictsxp57154m_firmwareMatch-

AND

schneider-electrictsxp57154mMatch-

Node

schneider-electrictsxp571634m_firmwareMatch-

AND

schneider-electrictsxp571634mMatch-

Node

schneider-electrictsxp57204m_firmwareMatch-

AND

schneider-electrictsxp57204mMatch-

Node

schneider-electrictsxp57254m_firmwareMatch-

AND

schneider-electrictsxp57254mMatch-

Node

schneider-electrictsxp572634m_firmwareMatch-

AND

schneider-electrictsxp572634mMatch-

Node

schneider-electrictsxp57304m_firmwareMatch-

AND

schneider-electrictsxp57304mMatch-

Node

schneider-electrictsxp57354m_firmwareMatch-

AND

schneider-electrictsxp57354mMatch-

Node

schneider-electrictsxp573634m_firmwareMatch-

AND

schneider-electrictsxp573634mMatch-

Node

schneider-electrictsxp57454m_firmwareMatch-

AND

schneider-electrictsxp57454mMatch-

Node

schneider-electrictsxp574634m_firmwareMatch-

AND

schneider-electrictsxp574634mMatch-

Node

schneider-electrictsxp575634m_firmwareMatch-

AND

schneider-electrictsxp575634mMatch-

Node

schneider-electrictsxp576634m_firmwareMatch-

AND

schneider-electrictsxp576634mMatch-

Node

schneider-electrictsxh5724mc_firmwareMatch-

AND

schneider-electrictsxh5724mcMatch-

Node

schneider-electrictsxh5744mc_firmwareMatch-

AND

schneider-electrictsxh5744mcMatch-

Node

schneider-electrictsxp57104mc_firmwareMatch-

AND

schneider-electrictsxp57104mcMatch-

Node

schneider-electrictsxp57154mc_firmwareMatch-

AND

schneider-electrictsxp57154mcMatch-

Node

schneider-electrictsxp571634mc_firmwareMatch-

AND

schneider-electrictsxp571634mcMatch-

Node

schneider-electrictsxp57204mc_firmwareMatch-

AND

schneider-electrictsxp57204mcMatch-

Node

schneider-electrictsxp57254mc_firmwareMatch-

AND

schneider-electrictsxp57254mcMatch-

Node

schneider-electrictsxp572634mc_firmwareMatch-

AND

schneider-electrictsxp572634mcMatch-

Node

schneider-electrictsxp57304mc_firmwareMatch-

AND

schneider-electrictsxp57304mcMatch-

Node

schneider-electrictsxp57354mc_firmwareMatch-

AND

schneider-electrictsxp57354mcMatch-

Node

schneider-electrictsxp573634mc_firmwareMatch-

AND

schneider-electrictsxp573634mcMatch-

Node

schneider-electrictsxp57454mc_firmwareMatch-

AND

schneider-electrictsxp57454mcMatch-

Node

schneider-electrictsxp574634mc_firmwareMatch-

AND

schneider-electrictsxp574634mcMatch-

Node

schneider-electrictsxp57554mc_firmwareMatch-

AND

schneider-electrictsxp57554mcMatch-

Node

schneider-electrictsxp575634mc_firmwareMatch-

AND

schneider-electrictsxp575634mcMatch-

Node

schneider-electrictsxp576634mc_firmwareMatch-

AND

schneider-electrictsxp576634mcMatch-

Node

schneider-electrictsxh5724m_firmwareMatch-

AND

schneider-electrictsxh5724mMatch-

Node

schneider-electrictsxh5744mc_firmwareMatch-

AND

schneider-electrictsxh5744mcMatch-

Node

schneider-electrictsxp57554m_firmwareMatch-

AND

schneider-electrictsxp57554mMatch-

CPENameOperatorVersion
schneider-electric:bmxnor0200_firmwareschneider-electric bmxnor0200 firmwareeq-

CPE	Name	Operator	Version
schneider-electric:bmxnor0200_firmware	schneider-electric bmxnor0200 firmware	eq	-

CNA Affected

[
  {
    "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
      }
    ]
  }
]

References

www.schneider-electric.com/en/download/document/SEVD-2018-081-02/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for CVE-2018-7762

nessus1 prion1 cvelist1 ptsecurity1 nvd1