Details of VAR-201804-1334

ID

VAR-201804-1334

CVE

CVE-2018-7758

TITLE

plural Schneider Electric Vulnerability related to session expiration in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004488

DESCRIPTION

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number. plural Schneider Electric Product Contains a session expiration vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric MiCOM Px4x, MiCOM P540D Range and MiCOM Px4x Rejuvenated are relay products of French Schneider Electric (Schneider Electric). Attackers can exploit this vulnerability to disable network communication for users. The following products and versions are affected: Schneider Electric MiCOM P14x version 46, all D6 versions except MiCOM P44x D6(E), MiCOM P64x, MiCOM P849 (MiCOM Px4x); MiCOM P445 version 35, version 36, version 37, version E0 , F0* version, F1 version, F2 version, MiCOM P443Version 54, Version 55, Version 57, Version B0, Version D0*, Version D1, Version D2, P446 Version 54, Version 55, Version 57, Version B0, Version D0*, Version D1, Version D2, MiCOM P543 to P546 44 Version, Version 54, Version 45, Version 55, Version 47, Version 57, Version A0, Version B0, Version C0*, Version DO*, Version D1, Version D2, MiCOM P841A Version 44, Version 45, Version 47, Version A0 , C0(*) version, C1 version, C2 version, MiCOM P841B 54 version, 55 version, 57 version, B0 version, D0*) version, D1 version, D2 (MiCOM P540D Range); MiCOM P443 H4 version, MiCOM P445 H4 version, MiCOM P446 H4 version, MiCOM All P54x H4 version, MiCOM P841A H4 version, MiCOM P841B H4 version, other versions except MiCOM P14x B2(B), MiCOM P44x, MiCOM P64x, MiCOM P746, MiCOM P849 (MiCOM Px4x Rejuvenated )

Trust: 1.71

sources: NVD: CVE-2018-7758 // JVNDB: JVNDB-2018-004488 // VULHUB: VHN-137790

AFFECTED PRODUCTS

vendor:	schneider electric	model:	micom p142	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p145	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p746	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p643	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p849	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p645	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p141	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p841a	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p642	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p143	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	micom p545	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p542	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p546	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p841b	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p544	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p444	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p443	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p441	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p543	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p541	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p442	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p445	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p446	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	micom p141	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	micom p441	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	micom p541	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	micom p642	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	micom p841a	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-004488 // CNNVD: CNNVD-201804-826 // NVD: CVE-2018-7758

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7758
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7758
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-826
value:	LOW
Trust: 0.6
VULHUB:	VHN-137790
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-7758
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-137790
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7758
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-137790 // JVNDB: JVNDB-2018-004488 // CNNVD: CNNVD-201804-826 // NVD: CVE-2018-7758

PROBLEMTYPE DATA

problemtype:

CWE-613

Trust: 1.9

sources: VULHUB: VHN-137790 // JVNDB: JVNDB-2018-004488 // NVD: CVE-2018-7758

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201804-826

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-826

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004488

PATCH

title:	SEVD-2018-074-02	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/	Trust: 0.8
title:	SEVD-2018-074-03	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/	Trust: 0.8
title:	SEVD-2018-074-04	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/	Trust: 0.8
title:	Schneider Electric MiCOM Px4x , MiCOM P540D Range and MiCOM Px4x Rejuvenated Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80187	Trust: 0.6

sources: JVNDB: JVNDB-2018-004488 // CNNVD: CNNVD-201804-826

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7758	Trust: 2.5
db:	SCHNEIDER	id:	SEVD-2018-074-03	Trust: 1.7
db:	SCHNEIDER	id:	SEVD-2018-074-02	Trust: 1.7
db:	SCHNEIDER	id:	SEVD-2018-074-04	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004488	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-826	Trust: 0.6
db:	VULHUB	id:	VHN-137790	Trust: 0.1

sources: VULHUB: VHN-137790 // JVNDB: JVNDB-2018-004488 // CNNVD: CNNVD-201804-826 // NVD: CVE-2018-7758

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2018-074-02/	Trust: 1.7
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-074-03/	Trust: 1.7
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-074-04/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7758	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7758	Trust: 0.8

sources: VULHUB: VHN-137790 // JVNDB: JVNDB-2018-004488 // CNNVD: CNNVD-201804-826 // NVD: CVE-2018-7758

SOURCES

db:	VULHUB	id:	VHN-137790
db:	JVNDB	id:	JVNDB-2018-004488
db:	CNNVD	id:	CNNVD-201804-826
db:	NVD	id:	CVE-2018-7758

LAST UPDATE DATE

2024-11-23T23:05:08.115000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-137790	date:	2018-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-004488	date:	2018-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201804-826	date:	2018-05-09T00:00:00
db:	NVD	id:	CVE-2018-7758	date:	2024-11-21T04:12:40.817

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-137790	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004488	date:	2018-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201804-826	date:	2018-04-18T00:00:00
db:	NVD	id:	CVE-2018-7758	date:	2018-04-18T20:29:00.623