CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-7831
https://notcve.org/view.php?id=CVE-2018-7831
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. Existe una vulnerabilidad de neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (XSS básico) en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podría permitir que un atacante envíe una URL especialmente manipulada a un usuario autenticado del servidor web para que ejecute un cambio de contraseña en el servidor web. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 https://www.tenable.com/security/research/tra-2018-38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-7809
https://notcve.org/view.php?id=CVE-2018-7809
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. Existe una vulnerabilidad de cambio de contraseña sin verificar en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podría permitir que un usuario remoto no autenticado acceda a la función de borrado de contraseñas del servidor web. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 https://www.tenable.com/security/research/tra-2018-38 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7806
https://notcve.org/view.php?id=CVE-2018-7806
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. Data Center Operation permite la subida de un archivo .zip desde su interfaz de usuario al servidor. • https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7807
https://notcve.org/view.php?id=CVE-2018-7807
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. Data Center Expert, en versiones 7.5.0 y anteriores, permite la subida de un archivo .zip desde su interfaz de usuario al servidor. • https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7799
https://notcve.org/view.php?id=CVE-2018-7799
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. Existe una vulnerabilidad de secuestro de DLL en Schneider Electric Software Update (SESU), en todas las versiones anteriores a la V2.2.0, lo que podría permitir que un atacante ejecutar código arbitrario en el sistema objetivo al colocar un archivo DLL específico. • http://www.securityfocus.com/bid/105951 https://ics-cert.us-cert.gov/advisories/ICSA-18-305-02 https://www.schneider-electric.com/en/download/document/SEVD-2018-298-01 • CWE-427: Uncontrolled Search Path Element •