ID

VAR-201804-1268


CVE

CVE-2018-7241


TITLE

Vulnerabilities related to the use of hard-coded credentials in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004278

DESCRIPTION

Hard-coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Multiple Schneider Electric products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controller products from Schneider Electric, France. A number of Schneider Electric products have a hard-coded credentials vulnerability that stems from the FTP server containing a hard-coded account, which allows an attacker to gain unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program.

Trust: 2.79

sources: NVD: CVE-2018-7241 // JVNDB: JVNDB-2018-004278 // CNVD: CNVD-2018-06520 // BID: 103542 // IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1 // VULHUB: VHN-137273 // VULMON: CVE-2018-7241

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1 // CNVD: CNVD-2018-06520

AFFECTED PRODUCTS

vendor: schneider electric, model: tsxp57554m, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxh5724m, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp573634mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp57354mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp574634mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxh5744mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp575634mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp57454mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp57554mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp576634mc, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: tsxp57154m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57254mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342000, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57204mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57254m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp575634m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu31110, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65160, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57104mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp341000h, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65860c, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57454m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp571634mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp573634m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57104m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57304m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57304mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65260, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65150c, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57354m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65160s, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65160c, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxh5744m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57154mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342020h, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp571634m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420302h, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65260c, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65860, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420302cl, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: bmxnor0200, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: bmxnor0200h, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu43412uc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu43412u, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp574634m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420302, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxh5724mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp341000, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342020, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp572634mc, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu65150, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420102cl, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp57204m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp572634m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420102, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: 140cpu31110c, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: tsxp576634m, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: bmxnor0200, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m340 pac, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon premium plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon quantum plc, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric modicon premium, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon quantum, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon m340, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon rtu, scope: eq, version: x80

Trust: 0.6

vendor: 140cpu65160c, model: -, scope: eq, version: -

Trust: 0.4

vendor: tsxh5724m, model: -, scope: eq, version: -

Trust: 0.4

vendor: tsxh5744mc, model: -, scope: eq, version: -

Trust: 0.4

vendor: schneider electric, model: modicon quantum, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: modicon premium, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: modicon m340, scope: eq, version: 0

Trust: 0.3

vendor: schneider electric, model: modicon bmxnor0200, scope: eq, version: 0

Trust: 0.3

vendor: bmxnor0200, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65150c, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu31110c, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu43412uc, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65260c, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65860c, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp341000, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp342000, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp3420102, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxnor0200h, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp3420102cl, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp342020, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp3420302, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp3420302cl, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp3420302h, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp342020h, model: -, scope: eq, version: -

Trust: 0.2

vendor: bmxp341000h, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxh5744m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57104m, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65150, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57154m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp571634m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57204m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57254m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp572634m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57304m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57354m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp573634m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57454m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp574634m, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu31110, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp575634m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp576634m, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxh5724mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57104mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57154mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp571634mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57204mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57254mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp572634mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu43412u, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57304mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57354mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp573634mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57454mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp574634mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57554mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp575634mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp576634mc, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65160, model: -, scope: eq, version: -

Trust: 0.2

vendor: tsxp57554m, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65260, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65860, model: -, scope: eq, version: -

Trust: 0.2

vendor: 140cpu65160s, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1 // CNVD: CNVD-2018-06520 // BID: 103542 // JVNDB: JVNDB-2018-004278 // CNNVD: CNNVD-201803-999 // NVD: CVE-2018-7241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7241
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7241
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06520
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-999
value: CRITICAL

Trust: 0.6

IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-137273
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7241
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7241
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06520
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137273
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7241
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1 // CNVD: CNVD-2018-06520 // VULHUB: VHN-137273 // VULMON: CVE-2018-7241 // JVNDB: JVNDB-2018-004278 // CNNVD: CNNVD-201803-999 // NVD: CVE-2018-7241

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-137273 // JVNDB: JVNDB-2018-004278 // NVD: CVE-2018-7241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-999

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-999

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004278

PATCH

title: Security Notification - Embedded FTP Servers for Modicon, url: https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

Trust: 0.8

title: Multiple Schneider Electric Product Buffer Error Vulnerability Fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79469

Trust: 0.6

sources: JVNDB: JVNDB-2018-004278 // CNNVD: CNNVD-201803-999

EXTERNAL IDS

db: NVD, id: CVE-2018-7241

Trust: 3.7

db: ICS CERT, id: ICSA-18-086-01

Trust: 3.5

db: SCHNEIDER, id: SEVD-2018-081-01

Trust: 2.1

db: BID, id: 103542

Trust: 1.5

db: CNNVD, id: CNNVD-201803-999

Trust: 0.9

db: CNVD, id: CNVD-2018-06520

Trust: 0.8

db: JVNDB, id: JVNDB-2018-004278

Trust: 0.8

db: NSFOCUS, id: 39226

Trust: 0.6

db: IVD, id: E2E9E141-39AB-11E9-89D4-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-137273

Trust: 0.1

db: VULMON, id: CVE-2018-7241

Trust: 0.1

sources: IVD: e2e9e141-39ab-11e9-89d4-000c29342cb1 // CNVD: CNVD-2018-06520 // VULHUB: VHN-137273 // VULMON: CVE-2018-7241 // BID: 103542 // JVNDB: JVNDB-2018-004278 // CNNVD: CNNVD-201803-999 // NVD: CVE-2018-7241

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-086-01

Trust: 3.6

url:https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/

Trust: 2.1

url:http://www.securityfocus.com/bid/103542

Trust: 1.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7241

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7241

Trust: 0.8

url:http://www.nsfocus.net/vulndb/39226

Trust: 0.6

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-06520 // VULHUB: VHN-137273 // VULMON: CVE-2018-7241 // BID: 103542 // JVNDB: JVNDB-2018-004278 // CNNVD: CNNVD-201803-999 // NVD: CVE-2018-7241

CREDITS

Nikita Maximov (Positive Technologies)

Trust: 0.3

sources: BID: 103542

SOURCES

db: IVD, id: e2e9e141-39ab-11e9-89d4-000c29342cb1
db: CNVD, id: CNVD-2018-06520
db: VULHUB, id: VHN-137273
db: VULMON, id: CVE-2018-7241
db: BID, id: 103542
db: JVNDB, id: JVNDB-2018-004278
db: CNNVD, id: CNNVD-201803-999
db: NVD, id: CVE-2018-7241

LAST UPDATE DATE

2024-11-23T22:45:23.704000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06520, date: 2018-03-28T00:00:00
db: VULHUB, id: VHN-137273, date: 2018-12-05T00:00:00
db: VULMON, id: CVE-2018-7241, date: 2018-12-05T00:00:00
db: BID, id: 103542, date: 2018-03-22T00:00:00
db: JVNDB, id: JVNDB-2018-004278, date: 2018-07-04T00:00:00
db: CNNVD, id: CNNVD-201803-999, date: 2018-05-09T00:00:00
db: NVD, id: CVE-2018-7241, date: 2024-11-21T04:11:51.557

SOURCES RELEASE DATE

db: IVD, id: e2e9e141-39ab-11e9-89d4-000c29342cb1, date: 2018-03-28T00:00:00
db: CNVD, id: CNVD-2018-06520, date: 2018-03-28T00:00:00
db: VULHUB, id: VHN-137273, date: 2018-04-18T00:00:00
db: VULMON, id: CVE-2018-7241, date: 2018-04-18T00:00:00
db: BID, id: 103542, date: 2018-03-22T00:00:00
db: JVNDB, id: JVNDB-2018-004278, date: 2018-06-15T00:00:00
db: CNNVD, id: CNNVD-201803-999, date: 2018-03-28T00:00:00
db: NVD, id: CVE-2018-7241, date: 2018-04-18T20:29:00.327