ID

VAR-201804-1336


CVE

CVE-2018-7760


TITLE

Authentication vulnerabilities in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004490

DESCRIPTION

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, and BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. Multiple Schneider Electric products contain authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Modicon M340 and the other affected models are programmable logic controller products from Schneider Electric, France. Security vulnerabilities exist in several Schneider Electric products. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request.

Trust: 2.43

sources: NVD: CVE-2018-7760 // JVNDB: JVNDB-2018-004490 // CNVD: CNVD-2018-11259 // IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1 // VULHUB: VHN-137792

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11259

AFFECTED PRODUCTS

vendor:schneider electricmodel:bmxnor0200scope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:tsxp57554mscope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:tsxh5724mscope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:140cpu65260scope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:tsxh5744mcscope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:140cpu65150scope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:140cpu31110scope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:140cpu65160scope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:140cpu43412uscope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:bmxnor0200hscope:eqversion: -

Trust: 1.6

vendor:schneider electricmodel:tsxp57154mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57254mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp342000scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57204mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57254mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57454mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp575634mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57554mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57104mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp575634mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp574634mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp341000hscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu65860cscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57454mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp573634mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp571634mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp573634mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57104mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57304mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57304mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu65150cscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57354mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu65160sscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu65160cscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxh5744mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57154mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp576634mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp342020hscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp571634mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420302hscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu65260cscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu65860scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420302clscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu43412ucscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp574634mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420302scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxh5724mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp341000scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp342020scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp572634mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420102clscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57204mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp572634mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340 bmxp3420102scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu31110cscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp57354mcscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:tsxp576634mscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:140cpu31110scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxnor0200scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmxp341000scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:tsxh5724mscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:tsxp57104mscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric modicon premiumscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon m340scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon quantum plcscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric bmxnor0200scope: - version: -

Trust: 0.6

vendor:140cpu65160cmodel: - scope:eqversion: -

Trust: 0.4

vendor:tsxh5724mmodel: - scope:eqversion: -

Trust: 0.4

vendor:tsxh5744mcmodel: - scope:eqversion: -

Trust: 0.4

vendor:bmxnor0200model: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65150cmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu31110cmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu43412ucmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65260cmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65860cmodel: - scope:eqversion: -

Trust: 0.2

vendor:bmxp341000model: - scope:eqversion: -

Trust: 0.2

vendor:bmxp342000model: - scope:eqversion: -

Trust: 0.2

vendor:bmxp3420102model: - scope:eqversion: -

Trust: 0.2

vendor:bmxnor0200hmodel: - scope:eqversion: -

Trust: 0.2

vendor:bmxp3420102clmodel: - scope:eqversion: -

Trust: 0.2

vendor:bmxp342020model: - scope:eqversion: -

Trust: 0.2

vendor:bmxp3420302model: - scope:eqversion: -

Trust: 0.2

vendor:bmxp3420302clmodel: - scope:eqversion: -

Trust: 0.2

vendor:bmxp3420302hmodel: - scope:eqversion: -

Trust: 0.2

vendor:bmxp342020hmodel: - scope:eqversion: -

Trust: 0.2

vendor:bmxp341000hmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxh5744mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57104mmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65150model: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57154mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp571634mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57204mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57254mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp572634mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57304mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57354mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp573634mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57454mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp574634mmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu31110model: - scope:eqversion: -

Trust: 0.2

vendor:tsxp575634mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp576634mmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxh5724mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57104mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57154mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp571634mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57204mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57254mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp572634mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu43412umodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57304mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57354mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp573634mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57454mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp574634mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57554mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp575634mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:tsxp576634mcmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65160model: - scope:eqversion: -

Trust: 0.2

vendor:tsxp57554mmodel: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65260model: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65860model: - scope:eqversion: -

Trust: 0.2

vendor:140cpu65160smodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11259 // JVNDB: JVNDB-2018-004490 // CNNVD: CNNVD-201804-824 // NVD: CVE-2018-7760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7760
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7760
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-11259
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201804-824
value: HIGH

Trust: 0.6

IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-137792
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7760
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11259
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137792
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7760
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11259 // VULHUB: VHN-137792 // JVNDB: JVNDB-2018-004490 // CNNVD: CNNVD-201804-824 // NVD: CVE-2018-7760

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-137792 // JVNDB: JVNDB-2018-004490 // NVD: CVE-2018-7760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-824

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201804-824

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004490

PATCH

title:SEVD-2018-081-02url:https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

Trust: 0.8

sources: JVNDB: JVNDB-2018-004490

EXTERNAL IDS

db:NVDid:CVE-2018-7760

Trust: 3.3

db:SCHNEIDERid:SEVD-2018-081-02

Trust: 2.3

db:CNVDid:CNVD-2018-11259

Trust: 0.8

db:CNNVDid:CNNVD-201804-824

Trust: 0.8

db:JVNDBid:JVNDB-2018-004490

Trust: 0.8

db:IVDid:E2F245AE-39AB-11E9-8D5A-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-137792

Trust: 0.1

sources: IVD: e2f245ae-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11259 // VULHUB: VHN-137792 // JVNDB: JVNDB-2018-004490 // CNNVD: CNNVD-201804-824 // NVD: CVE-2018-7760

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2018-081-02/

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7760

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7760

Trust: 0.8

sources: CNVD: CNVD-2018-11259 // VULHUB: VHN-137792 // JVNDB: JVNDB-2018-004490 // CNNVD: CNNVD-201804-824 // NVD: CVE-2018-7760

SOURCES

db:IVDid:e2f245ae-39ab-11e9-8d5a-000c29342cb1
db:CNVDid:CNVD-2018-11259
db:VULHUBid:VHN-137792
db:JVNDBid:JVNDB-2018-004490
db:CNNVDid:CNNVD-201804-824
db:NVDid:CVE-2018-7760

LAST UPDATE DATE

2024-11-23T21:39:00.330000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-11259date:2018-06-12T00:00:00
db:VULHUBid:VHN-137792date:2018-05-24T00:00:00
db:JVNDBid:JVNDB-2018-004490date:2018-06-21T00:00:00
db:CNNVDid:CNNVD-201804-824date:2018-05-09T00:00:00
db:NVDid:CVE-2018-7760date:2024-11-21T04:12:41.097

SOURCES RELEASE DATE

db:IVDid:e2f245ae-39ab-11e9-8d5a-000c29342cb1date:2018-06-12T00:00:00
db:CNVDid:CNVD-2018-11259date:2018-06-12T00:00:00
db:VULHUBid:VHN-137792date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004490date:2018-06-21T00:00:00
db:CNNVDid:CNNVD-201804-824date:2018-04-18T00:00:00
db:NVDid:CVE-2018-7760date:2018-04-18T20:29:00.747