Vulnerability in Schneider-electric Modicom_bmxnor0200h
CVE-2018-7811
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web ser…
EPSS: 0.035 (87.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Schneider-electric Modicom_bmxnor0200h
- Schneider-electric Modicom_bmxnor0200h_firmware
- Schneider-electric Modicom_m340
- Schneider-electric Modicom_m340_firmware
- Schneider-electric Modicom_premium
- Schneider-electric Modicom_premium_firmware
- Schneider-electric Modicom_quantum
- Schneider-electric Modicom_quantum_firmware
- Schneider Electric Se Embedded Web Servers In All Modicon M340, Premium, Quantum Plcs And Bmxnor0200 — versions Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200
Weakness classification (CWE)
References
- cybersecurity@se.com (Exploit, Third Party Advisory, x_refsource_MISC)
- cybersecurity@se.com (x_refsource_CONFIRM, Vendor Advisory)
- cybersecurity@se.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-7811?
- CVE-2018-7811 is a critical-severity vulnerability in Schneider-electric Modicom_bmxnor0200h, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 9.8/10. Published 2018-11-30.
- How severe is CVE-2018-7811?
- Critical severity. CVSS v3 base score is 9.8 out of 10.