// For flags

CVE-2018-7809

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

Existe una vulnerabilidad de cambio de contraseña sin verificar en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podría permitir que un usuario remoto no autenticado acceda a la función de borrado de contraseñas del servidor web.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-08 CVE Reserved
  • 2018-11-30 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Modicom M340 Firmware
Search vendor "Schneider-electric" for product "Modicom M340 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom M340
Search vendor "Schneider-electric" for product "Modicom M340"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicom Premium Firmware
Search vendor "Schneider-electric" for product "Modicom Premium Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom Premium
Search vendor "Schneider-electric" for product "Modicom Premium"
*-
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicom Quantum Firmware
Search vendor "Schneider-electric" for product "Modicom Quantum Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom Quantum
Search vendor "Schneider-electric" for product "Modicom Quantum"
*-
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicom Bmxnor0200h Firmware
Search vendor "Schneider-electric" for product "Modicom Bmxnor0200h Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom Bmxnor0200h
Search vendor "Schneider-electric" for product "Modicom Bmxnor0200h"
--
Safe