CVE-2018-7810

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/	Vendor Advisory
https://www.tenable.com/security/research/tra-2018-38	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-11-30 19:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-7810

Mitre link : CVE-2018-7810

CVE.ORG link : CVE-2018-7810

JSON object : View

Products Affected

schneider-electric

modicom_m340_firmware
modicom_premium
modicom_bmxnor0200h
modicom_quantum_firmware
modicom_premium_firmware
modicom_bmxnor0200h_firmware
modicom_quantum
modicom_m340

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2018-7810", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-11-30T19:29:00.470", "references": [{"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.tenable.com/security/research/tra-2018-38", "tags": ["Exploit", "Third Party Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on."}, {"lang": "es", "value": "Existe una vulnerabilidad de neutralizaci\u00f3n indebida de entradas durante la generaci\u00f3n de p\u00e1ginas web (\"Cross-Site Scripting\") en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podr\u00eda permitir que un atacante manipule una URL que contiene JavaScript, que se ejecutar\u00e1 en el navegador del usuario, teniendo un impacto potencial en la m\u00e1quina en la que se est\u00e1 ejecutando el navegador."}], "lastModified": "2018-12-28T18:31:45.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53C0B78-6556-44B7-9546-75F48EDD87CB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F3D3249-CD51-496E-AB39-79D53EB318F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA79EF8E-C525-4CCB-AC21-F7493FA55BF7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8BAD47C7-A8D1-44B3-9917-D5285E63F3B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BAE494-82C9-4CC7-8149-37DD1ADA10F2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B17B062-016A-45C2-A640-C8FD31E6E05F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99FE33D-BBA0-40B7-B79C-E276BF8353FB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8C420C7F-5B35-4775-8775-241FDD0B759C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}