Vulnerabilities > CVE-2018-7833 - Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

schneider-electric

CWE-754

NVD

Published: 2018-12-17

Updated: 2018-12-28

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicom M340 Firmware * Schneider Electric Modicom Premium Firmware * Schneider Electric Modicom Quantum Firmware * Schneider Electric Modicom Bmxnor0200H Firmware *	4
Hardware	Schneider-Electric Schneider Electric Modicom M340 - Schneider Electric Modicom Premium * Schneider Electric Modicom Quantum * Schneider Electric Modicom Bmxnor0200H -	4

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/