Vulnerability in Schneider-electric Modicom_bmxnor0200h

CVE-2018-7809

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web ser…

EPSS: 0.025 (82.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2018-7809?
CVE-2018-7809 is a critical-severity vulnerability in Schneider-electric Modicom_bmxnor0200h, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 9.8/10. Published 2018-11-30.
How severe is CVE-2018-7809?
Critical severity. CVSS v3 base score is 9.8 out of 10.