Podatność CVE-2018-7242

Podatność CVE-2018-7242

Publikacja: 2018-04-18

Opis:

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

Typ:

CWE-326

(Inadequate Encryption Strength)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
5/10	2.9/10	10/10

Wymagany dostęp	Złożoność ataku	Autoryzacja
Zdalny	Niska	Nie wymagana
Wpływ na poufność	Wpływ na integralność	Wpływ na dostępność
Częściowy	Brak	Brak

Affected software
Schneider-electric -> Bmxp341000 firmware
Schneider-electric -> Tsxp57154m firmware
Schneider-electric -> Tsxp57454m firmware
Schneider-electric -> 140cpu31110 firmware
Schneider-electric -> Bmxp341000h firmware
Schneider-electric -> Tsxp57154mc firmware
Schneider-electric -> Tsxp57454mc firmware
Schneider-electric -> 140cpu31110c firmware
Schneider-electric -> Bmxp342000 firmware
Schneider-electric -> Tsxp571634m firmware
Schneider-electric -> Tsxp574634m firmware
Schneider-electric -> 140cpu43412u firmware
Schneider-electric -> Bmxp3420102 firmware
Schneider-electric -> Tsxp571634mc firmware
Schneider-electric -> Tsxp574634mc firmware
Schneider-electric -> 140cpu43412uc firmware
Schneider-electric -> Bmxp3420102cl firmware
Schneider-electric -> Tsxp57204m firmware
Schneider-electric -> Tsxp57554m firmware
Schneider-electric -> 140cpu65150 firmware
Schneider-electric -> Bmxp342020 firmware
Schneider-electric -> Tsxp57204mc firmware
Schneider-electric -> Tsxp57554mc firmware
Schneider-electric -> 140cpu65150c firmware
Schneider-electric -> Bmxp342020h firmware
Schneider-electric -> Tsxp57254m firmware
Schneider-electric -> Tsxp575634m firmware
Schneider-electric -> 140cpu65160 firmware
Schneider-electric -> Bmxp3420302 firmware
Schneider-electric -> Tsxp57254mc firmware
Schneider-electric -> Tsxp575634mc firmware
Schneider-electric -> 140cpu65160c firmware
Schneider-electric -> Bmxp3420302cl firmware
Schneider-electric -> Tsxp572634m firmware
Schneider-electric -> Tsxp576634m firmware
Schneider-electric -> 140cpu65160s firmware
Schneider-electric -> Bmxp3420302h firmware
Schneider-electric -> Tsxp572634mc firmware
Schneider-electric -> Tsxp576634mc firmware
Schneider-electric -> 140cpu65260 firmware
Schneider-electric -> Tsxh5724m firmware
Schneider-electric -> Tsxp57304m firmware
Schneider-electric -> 140cpu65260c firmware
Schneider-electric -> Tsxh5724mc firmware
Schneider-electric -> Tsxp57304mc firmware
Schneider-electric -> 140cpu65860 firmware
Schneider-electric -> Tsxh5744m firmware
Schneider-electric -> Tsxp57354m firmware
Schneider-electric -> 140cpu65860c firmware
Schneider-electric -> Tsxh5744mc firmware
Schneider-electric -> Tsxp57354mc firmware
Schneider-electric -> Bmxnor0200 firmware
Schneider-electric -> Tsxp57104m firmware
Schneider-electric -> Tsxp573634m firmware
Schneider-electric -> Bmxnor0200h firmware
Schneider-electric -> Tsxp57104mc firmware
Schneider-electric -> Tsxp573634mc firmware

Referencje:

http://www.securityfocus.com/bid/103543

https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01

https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

Podatność CVE-2018-7242

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

CWE-326

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

5/10

2.9/10

10/10

Zdalny

Niska

Nie wymagana

Częściowy

Brak

Brak

Affected software

Referencje: