Vulnerability CVE-2018-7241


Published: 2018-04-18   Modified: 2018-04-19

Description:
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.

Type:

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Schneider-electric -> Tsxp57154m firmware 
Schneider-electric -> Tsxp57454m firmware 
Schneider-electric -> Bmxp341000 firmware 
Schneider-electric -> Tsxp57154mc firmware 
Schneider-electric -> Tsxp57454mc firmware 
Schneider-electric -> 140cpu31110 firmware 
Schneider-electric -> Bmxp341000h firmware 
Schneider-electric -> Tsxp571634m firmware 
Schneider-electric -> Tsxp574634m firmware 
Schneider-electric -> 140cpu31110c firmware 
Schneider-electric -> Bmxp342000 firmware 
Schneider-electric -> Tsxp571634mc firmware 
Schneider-electric -> Tsxp574634mc firmware 
Schneider-electric -> 140cpu43412u firmware 
Schneider-electric -> Bmxp3420102 firmware 
Schneider-electric -> Tsxp57204m firmware 
Schneider-electric -> Tsxp57554m firmware 
Schneider-electric -> 140cpu43412uc firmware 
Schneider-electric -> Bmxp3420102cl firmware 
Schneider-electric -> Tsxp57204mc firmware 
Schneider-electric -> Tsxp57554mc firmware 
Schneider-electric -> 140cpu65150 firmware 
Schneider-electric -> Bmxp342020 firmware 
Schneider-electric -> Tsxp57254m firmware 
Schneider-electric -> Tsxp575634m firmware 
Schneider-electric -> 140cpu65150c firmware 
Schneider-electric -> Bmxp342020h firmware 
Schneider-electric -> Tsxp57254mc firmware 
Schneider-electric -> Tsxp575634mc firmware 
Schneider-electric -> 140cpu65160 firmware 
Schneider-electric -> Bmxp3420302 firmware 
Schneider-electric -> Tsxp572634m firmware 
Schneider-electric -> Tsxp576634m firmware 
Schneider-electric -> 140cpu65160c firmware 
Schneider-electric -> Bmxp3420302cl firmware 
Schneider-electric -> Tsxp572634mc firmware 
Schneider-electric -> Tsxp576634mc firmware 
Schneider-electric -> 140cpu65160s firmware 
Schneider-electric -> Bmxp3420302h firmware 
Schneider-electric -> Tsxp57304m firmware 
Schneider-electric -> 140cpu65260 firmware 
Schneider-electric -> Tsxh5724m firmware 
Schneider-electric -> Tsxp57304mc firmware 
Schneider-electric -> 140cpu65260c firmware 
Schneider-electric -> Tsxh5724mc firmware 
Schneider-electric -> Tsxp57354m firmware 
Schneider-electric -> 140cpu65860 firmware 
Schneider-electric -> Tsxh5744m firmware 
Schneider-electric -> Tsxp57354mc firmware 
Schneider-electric -> 140cpu65860c firmware 
Schneider-electric -> Tsxh5744mc firmware 
Schneider-electric -> Tsxp573634m firmware 
Schneider-electric -> Bmxnor0200 firmware 
Schneider-electric -> Tsxp57104m firmware 
Schneider-electric -> Tsxp573634mc firmware 
Schneider-electric -> Bmxnor0200h firmware 
Schneider-electric -> Tsxp57104mc firmware 

 References:
http://www.securityfocus.com/bid/103542
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

Copyright 2022, cxsecurity.com

 

Back to Top