Vulnerability Description
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicom M340 Firmware | All versions |
| Schneider-Electric | Modicom M340 | - |
| Schneider-Electric | Modicom Premium Firmware | All versions |
| Schneider-Electric | Modicom Premium | All versions |
| Schneider-Electric | Modicom Quantum Firmware | All versions |
| Schneider-Electric | Modicom Quantum | All versions |
| Schneider-Electric | Modicom Bmxnor0200H Firmware | All versions |
| Schneider-Electric | Modicom Bmxnor0200H | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/Vendor Advisory
- https://www.tenable.com/security/research/tra-2018-38ExploitThird Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/Vendor Advisory
- https://www.tenable.com/security/research/tra-2018-38ExploitThird Party Advisory
FAQ
What is CVE-2018-7830?
CVE-2018-7830 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a...
How severe is CVE-2018-7830?
CVE-2018-7830 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7830?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicom M340 Firmware, Schneider-Electric Modicom M340, Schneider-Electric Modicom Premium Firmware, Schneider-Electric Modicom Premium, Schneider-Electric Modicom Quantum Firmware.