CVE-2018-7833

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:12

Type Values Removed Values Added
References () https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/ - Vendor Advisory () https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/ - Vendor Advisory

Information

Published : 2018-12-17 22:29

Updated : 2024-11-21 04:12


NVD link : CVE-2018-7833

Mitre link : CVE-2018-7833

CVE.ORG link : CVE-2018-7833


JSON object : View

Products Affected

schneider-electric

  • modicom_m340
  • modicom_quantum_firmware
  • modicom_quantum
  • modicom_bmxnor0200h_firmware
  • modicom_premium
  • modicom_m340_firmware
  • modicom_premium_firmware
  • modicom_bmxnor0200h
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions