Vulnerabilities > CVE-2018-7758 - Insufficient Session Expiration vulnerability in Schneider-Electric products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/