CVE-2018-7797
https://notcve.org/view.php?id=CVE-2018-7797
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module, which could enable a phishing attack when a user is redirected to a malicious site.
• http://www.securityfocus.com/bid/106277
• https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-7804
https://notcve.org/view.php?id=CVE-2018-7804
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200, where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.
• https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-7833
https://notcve.org/view.php?id=CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200, where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable.
• https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2018-7812
https://notcve.org/view.php?id=CVE-2018-7812
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200, where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
• https://github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-7812
• https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7813 – Schneider Electric GUIcon GD1 File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7813
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) in pcwin.dll, which could cause remote code to be executed when parsing a GD1 file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric GUIcon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GD1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
• http://www.securityfocus.com/bid/106218
• https://www.schneider-electric.com/ww/en/download/document/SEVD-2018-338-01
• CWE-704: Incorrect Type Conversion or Cast