Vulnerability CVE-2018-7758
Published: 2018-04-18

Description:
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number.

Type:

CWE-613

 (Insufficient Session Expiration)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Schneider-electric -> Micom p546 firmware 
Schneider-electric -> Micom p141 firmware 
Schneider-electric -> Micom p642 firmware 
Schneider-electric -> Micom p142 firmware 
Schneider-electric -> Micom p643 firmware 
Schneider-electric -> Micom p143 firmware 
Schneider-electric -> Micom p645 firmware 
Schneider-electric -> Micom p145 firmware 
Schneider-electric -> Micom p746 firmware 
Schneider-electric -> Micom p441 firmware 
Schneider-electric -> Micom p841a firmware 
Schneider-electric -> Micom p442 firmware 
Schneider-electric -> Micom p841b firmware 
Schneider-electric -> Micom p443 firmware 
Schneider-electric -> Micom p849 firmware 
Schneider-electric -> Micom p444 firmware 
Schneider-electric -> Micom p445 firmware 
Schneider-electric -> Micom p446 firmware 
Schneider-electric -> Micom p541 firmware 
Schneider-electric -> Micom p542 firmware 
Schneider-electric -> Micom p543 firmware 
Schneider-electric -> Micom p544 firmware 
Schneider-electric -> Micom p545 firmware 

 References:
https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/
https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/
https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/
Copyright 2024, cxsecurity.com

 

Back to Top