Hard Coded Accounts in Schneider Electric's Industrial Controllers
CVE-2018-7241
9.8CRITICAL
Key Information:
- Vendor
Schneider Electric
- Vendor
- CVE Published:
- 18 April 2018
What is CVE-2018-7241?
Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers contain hard coded accounts within their communication modules. This design flaw can potentially allow unauthorized access to the systems, compromising the integrity and security of the industrial automation processes they oversee. Users are advised to apply necessary patches and follow best security practices to mitigate related risks.
Affected Version(s)
Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200