Vulnerability Description
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Premium Firmware | All versions |
| Schneider-Electric | Modicon Premium | All versions |
| Schneider-Electric | Modicon Quantum Firmware | All versions |
| Schneider-Electric | Modicon Quantum | All versions |
| Schneider-Electric | Modicon BMXNOR0200H Firmware | All versions |
| Schneider-Electric | Modicon BMXNOR0200H | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/ (Vendor Advisory)
- https://www.tenable.com/security/research/tra-2018-38 (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-7809?
CVE-2018-7809 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the ...
How severe is CVE-2018-7809?
CVE-2018-7809 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7809?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Premium Firmware, Schneider-Electric Modicon Premium, Schneider-Electric Modicon Quantum Firmware.