Vulnerability in Schneider-electric Modicom_bmxnor0200h
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a PO…
EPSS: 0.014 (68.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Schneider-electric Modicom_bmxnor0200h
- Schneider-electric Modicom_bmxnor0200h_firmware
- Schneider-electric Modicom_m340
- Schneider-electric Modicom_m340_firmware
- Schneider-electric Modicom_premium
- Schneider-electric Modicom_premium_firmware
- Schneider-electric Modicom_quantum
- Schneider-electric Modicom_quantum_firmware
- Schneider Electric Se Embedded Web Servers In All Modicon M340, Premium, Quantum Plcs And Bmxnor0200 — versions Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200
Weakness classification (CWE)
References
- cybersecurity@se.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2018-7833?
- CVE-2018-7833 is a high-severity vulnerability in Schneider-electric Modicom_bmxnor0200h, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 7.5/10. Published 2018-12-17.
- How severe is CVE-2018-7833?
- High severity. CVSS v3 base score is 7.5 out of 10.