var-201804-1269
Vulnerability from variot
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. plural Schneider Electric The product contains a vulnerability related to cryptographic strength.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\Modicon Quantum\Modicon M340\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 pac",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon bmxnor0200",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikita Maximov (Positive Technologies)",
"sources": [
{
"db": "BID",
"id": "103543"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7242",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-06519",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137274",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7242",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7242",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7242",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06519",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-1000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137274",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. plural Schneider Electric The product contains a vulnerability related to cryptographic strength.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\\\Modicon Quantum\\\\Modicon M340\\\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7242"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137274"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7242",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-086-01",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-01",
"trust": 2.0
},
{
"db": "BID",
"id": "103543",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06519",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39225",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2EA2F5E-39AB-11E9-890E-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137274",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"id": "VAR-201804-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
}
],
"trust": 1.7565656666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
}
]
},
"last_update_date": "2024-11-23T22:45:23.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notification - Embedded FTP Servers for Modicon",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
},
{
"title": "Multiple Schneider Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79470"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-086-01"
},
{
"trust": 2.0,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/103543"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7242"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7242"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39225"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137274"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103543"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"date": "2018-04-18T20:29:00.373000",
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137274"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103543"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"date": "2024-11-21T04:11:51.740000",
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerability related to cryptographic strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…