CVE-2018-7810

6.1MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Embedded Web Servers In All Modicon M340, Premium, Quantum Plcs And Bmxnor0200
Vendor: CVE Published:; 30 November 2018

Summary

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.

Affected Version(s)

Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200

References

https://www.tenable.com/security/research/tra-2018-38

x_refsource_MISC

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 30, 2018
Vulnerability Reserved
Mar 8, 2018