// For flags

CVE-2018-7831

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.

Existe una vulnerabilidad de neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (XSS básico) en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podría permitir que un atacante envíe una URL especialmente manipulada a un usuario autenticado del servidor web para que ejecute un cambio de contraseña en el servidor web.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-08 CVE Reserved
  • 2018-11-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Modicom M340 Firmware
Search vendor "Schneider-electric" for product "Modicom M340 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom M340
Search vendor "Schneider-electric" for product "Modicom M340"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicom Premium Firmware
Search vendor "Schneider-electric" for product "Modicom Premium Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom Premium
Search vendor "Schneider-electric" for product "Modicom Premium"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicom Quantum Firmware
Search vendor "Schneider-electric" for product "Modicom Quantum Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom Quantum
Search vendor "Schneider-electric" for product "Modicom Quantum"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicom Bmxnor0200h Firmware
Search vendor "Schneider-electric" for product "Modicom Bmxnor0200h Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicom Bmxnor0200h
Search vendor "Schneider-electric" for product "Modicom Bmxnor0200h"
--
Safe