Vulnerability CVE-2018-7760


Published: 2018-04-18

Description:
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.

Type:

CWE-287

(Improper Authentication)

Vendor: Schneider-electric
Product: 140cpu65150c firmware 
Product: Tsxp57254m firmware 
Product: 140cpu31110 firmware 
Product: Tsxp57154mc firmware 
Product: Tsxh5744m firmware 
Product: Bmxp3420302 firmware 
Product: Tsxp575634mc firmware 
Product: Bmxp342000 firmware 
Product: Tsxp574634m firmware 
Product: 140cpu65860c firmware 
Product: Tsxp57354mc firmware 
Product: 140cpu65160c firmware 
Product: Tsxp572634m firmware 
Product: 140cpu43412u firmware 
Product: Tsxp571634mc firmware 
Product: Tsxp57104m firmware 
Product: Bmxp3420302h firmware 
Product: Tsxp576634mc firmware 
Product: Bmxp3420102cl firmware 
Product: Tsxp57554m firmware 
Product: Bmxnor0200h firmware 
Product: Tsxp573634mc firmware 
Product: 140cpu65260 firmware 
Product: Tsxp57304m firmware 
Product: 140cpu65150 firmware 
Product: Tsxp57204mc firmware 
Product: Tsxp57154m firmware 
Product: Tsxh5724mc firmware 
Product: Bmxp342020h firmware 
Product: Tsxp575634m firmware 
Product: Bmxp341000h firmware 
Product: Tsxp57454mc firmware 
Product: 140cpu65860 firmware 
Product: Tsxp57354m firmware 
Product: 140cpu65160 firmware 
Product: Tsxp57254mc firmware 
Product: 140cpu31110c firmware 
Product: Tsxp571634m firmware 
Product: Tsxh5744mc firmware 
Product: Bmxp3420302cl firmware 
Product: Tsxp576634m firmware 
Product: Bmxp3420102 firmware 
Product: Tsxp574634mc firmware 
Product: Bmxnor0200 firmware 
Product: Tsxp573634m firmware 
Product: 140cpu65160s firmware 
Product: Tsxp572634mc firmware 
Product: 140cpu43412uc firmware 
Product: Tsxp57204m firmware 
Product: Tsxp57104mc firmware 
Product: Tsxh5724m firmware 
Product: Bmxp342020 firmware 
Product: Tsxp57554mc firmware 
Product: Bmxp341000 firmware 
Product: Tsxp57454m firmware 
Product: 140cpu65260c firmware 
Product: Tsxp57304mc firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/

Related CVE
CVE-2017-9637
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connectio...
CVE-2017-9635
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. ...
CVE-2017-6021
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send speci...
CVE-2018-7762
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
CVE-2018-7761
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
CVE-2018-7759
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as th...
CVE-2018-7758
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP ...
CVE-2018-7246
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could all...

Copyright 2018, cxsecurity.com

 

Back to Top