Vulnerability CVE-2018-7242


Published: 2018-04-18

Description:
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

Type:

CWE-326

(Inadequate Encryption Strength)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Schneider-electric -> Tsxp57154m firmware 
Schneider-electric -> Tsxp57454m firmware 
Schneider-electric -> Bmxp341000 firmware 
Schneider-electric -> Tsxp57154mc firmware 
Schneider-electric -> Tsxp57454mc firmware 
Schneider-electric -> 140cpu31110 firmware 
Schneider-electric -> Bmxp341000h firmware 
Schneider-electric -> Tsxp571634m firmware 
Schneider-electric -> Tsxp574634m firmware 
Schneider-electric -> 140cpu31110c firmware 
Schneider-electric -> Bmxp342000 firmware 
Schneider-electric -> Tsxp571634mc firmware 
Schneider-electric -> Tsxp574634mc firmware 
Schneider-electric -> 140cpu43412u firmware 
Schneider-electric -> Bmxp3420102 firmware 
Schneider-electric -> Tsxp57204m firmware 
Schneider-electric -> Tsxp57554m firmware 
Schneider-electric -> 140cpu43412uc firmware 
Schneider-electric -> Bmxp3420102cl firmware 
Schneider-electric -> Tsxp57204mc firmware 
Schneider-electric -> Tsxp57554mc firmware 
Schneider-electric -> 140cpu65150 firmware 
Schneider-electric -> Bmxp342020 firmware 
Schneider-electric -> Tsxp57254m firmware 
Schneider-electric -> Tsxp575634m firmware 
Schneider-electric -> 140cpu65150c firmware 
Schneider-electric -> Bmxp342020h firmware 
Schneider-electric -> Tsxp57254mc firmware 
Schneider-electric -> Tsxp575634mc firmware 
Schneider-electric -> 140cpu65160 firmware 
Schneider-electric -> Bmxp3420302 firmware 
Schneider-electric -> Tsxp572634m firmware 
Schneider-electric -> Tsxp576634m firmware 
Schneider-electric -> 140cpu65160c firmware 
Schneider-electric -> Bmxp3420302cl firmware 
Schneider-electric -> Tsxp572634mc firmware 
Schneider-electric -> Tsxp576634mc firmware 
Schneider-electric -> 140cpu65160s firmware 
Schneider-electric -> Bmxp3420302h firmware 
Schneider-electric -> Tsxp57304m firmware 
Schneider-electric -> 140cpu65260 firmware 
Schneider-electric -> Tsxh5724m firmware 
Schneider-electric -> Tsxp57304mc firmware 
Schneider-electric -> 140cpu65260c firmware 
Schneider-electric -> Tsxh5724mc firmware 
Schneider-electric -> Tsxp57354m firmware 
Schneider-electric -> 140cpu65860 firmware 
Schneider-electric -> Tsxh5744m firmware 
Schneider-electric -> Tsxp57354mc firmware 
Schneider-electric -> 140cpu65860c firmware 
Schneider-electric -> Tsxh5744mc firmware 
Schneider-electric -> Tsxp573634m firmware 
Schneider-electric -> Bmxnor0200 firmware 
Schneider-electric -> Tsxp57104m firmware 
Schneider-electric -> Tsxp573634mc firmware 
Schneider-electric -> Bmxnor0200h firmware 
Schneider-electric -> Tsxp57104mc firmware 

 References:
http://www.securityfocus.com/bid/103543
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

Copyright 2024, cxsecurity.com

 

Back to Top