CVE-2018-7831

{"id": "CVE-2018-7831", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-11-30T19:29:00.593", "references": [{"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.tenable.com/security/research/tra-2018-38", "tags": ["Exploit", "Third Party Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/research/tra-2018-38", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server."}, {"lang": "es", "value": "Existe una vulnerabilidad de neutralizaci\u00f3n incorrecta de etiquetas HTML relacionadas con scripts en una p\u00e1gina web (XSS b\u00e1sico) en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podr\u00eda permitir que un atacante env\u00ede una URL especialmente manipulada a un usuario autenticado del servidor web para que ejecute un cambio de contrase\u00f1a en el servidor web."}], "lastModified": "2024-11-21T04:12:50.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53C0B78-6556-44B7-9546-75F48EDD87CB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F3D3249-CD51-496E-AB39-79D53EB318F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA79EF8E-C525-4CCB-AC21-F7493FA55BF7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_premium:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F3ED1E3-2D3F-4ACD-84C9-FD282C4845D9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BAE494-82C9-4CC7-8149-37DD1ADA10F2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_quantum:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC2867F0-53B1-465E-A413-6EFE4ED0FFC4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99FE33D-BBA0-40B7-B79C-E276BF8353FB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8C420C7F-5B35-4775-8775-241FDD0B759C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}