CVE-2018-7812
 
Severity Score: 7.5 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Credits: N/A
Timeline
- 2018-03-08 CVE Reserved
- 2018-12-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-7812 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 | 2018-12-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Schneider-electric | Modicom M340 Firmware | * | - | Affected | in | Schneider-electric | Modicom M340 | - | - | Safe |
Schneider-electric | Modicom Premium Firmware | * | - | Affected | in | Schneider-electric | Modicom Premium | * | - | Safe |
Schneider-electric | Modicom Quantum Firmware | * | - | Affected | in | Schneider-electric | Modicom Quantum | * | - | Safe |
Schneider-electric | Modicom Bmxnor0200h Firmware | * | - | Affected | in | Schneider-electric | Modicom Bmxnor0200h | - | - | Safe |