Vulnerability Description
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicom M340 Firmware | All versions |
| Schneider-Electric | Modicom M340 | - |
| Schneider-Electric | Modicom Premium Firmware | All versions |
| Schneider-Electric | Modicom Premium | All versions |
| Schneider-Electric | Modicom Quantum Firmware | All versions |
| Schneider-Electric | Modicom Quantum | All versions |
| Schneider-Electric | Modicom Bmxnor0200H Firmware | All versions |
| Schneider-Electric | Modicom Bmxnor0200H | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/Vendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/Vendor Advisory
FAQ
What is CVE-2018-7833?
CVE-2018-7833 is a vulnerability with a CVSS score of 7.5 (HIGH). An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can sen...
How severe is CVE-2018-7833?
CVE-2018-7833 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7833?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicom M340 Firmware, Schneider-Electric Modicom M340, Schneider-Electric Modicom Premium Firmware, Schneider-Electric Modicom Premium, Schneider-Electric Modicom Quantum Firmware.