Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-7848 (GCVE-0-2018-7848)
Vulnerability from cvelistv5 – Published: 2019-05-22 19:59 – Updated: 2024-08-05 06:37
VLAI?
EPSS
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Affected:
Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T16:06:06.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium",
"version": {
"version_data": [
{
"version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7848",
"datePublished": "2019-05-22T19:59:26.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2019-AVI-384
Vulnerability from certfr_avis - Published: 2019-08-13 - Updated: 2019-08-14
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions antérieures à 1.1.0 | ||
| Schneider Electric | N/A | Wiser for KNX (anciennement homeLYnk) versions antérieures à 2.4.0 | ||
| Schneider Electric | N/A | Modicon Premium | ||
| Schneider Electric | N/A | TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et antérieure, sans le correctif de sécurité TelevisGo_HotFix_20190715.exe | ||
| Schneider Electric | N/A | Magelis HMIGTO series | ||
| Schneider Electric | N/A | Magelis XBTGH series | ||
| Schneider Electric | N/A | Magelis HMIGTUX series | ||
| Schneider Electric | N/A | Magelis XBTGC series | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à V2.90 | ||
| Schneider Electric | N/A | Magelis HMIGTU series | ||
| Schneider Electric | N/A | BMXNOR0200H Ethernet / Serial RTU module | ||
| Schneider Electric | N/A | Magelis HMISTO series | ||
| Schneider Electric | N/A | Magelis HMISCU series | ||
| Schneider Electric | N/A | Magelis HMIGXO series | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à V3.10 | ||
| Schneider Electric | N/A | Schneider Electric Software Update (SESU) SUT Service component versions antérieures à 2.3.1 | ||
| Schneider Electric | N/A | Magelis XBTGT series | ||
| Schneider Electric | N/A | Magelis HMIGXU series | ||
| Schneider Electric | N/A | Magelis HMISTU series | ||
| Schneider Electric | N/A | spaceLYnk versions antérieures à 2.4.0 | ||
| Schneider Electric | N/A | Modicon Quantum |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGH series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTUX series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGC series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOR0200H Ethernet / Serial RTU module",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISTO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISCU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGXO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.10",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGT series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGXU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISTU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15361"
},
{
"name": "CVE-2019-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
},
{
"name": "CVE-2019-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
},
{
"name": "CVE-2019-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6828"
},
{
"name": "CVE-2019-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
},
{
"name": "CVE-2019-8269",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8269"
},
{
"name": "CVE-2019-8260",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
},
{
"name": "CVE-2019-8263",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
},
{
"name": "CVE-2019-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6832"
},
{
"name": "CVE-2019-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
},
{
"name": "CVE-2019-8276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8276"
},
{
"name": "CVE-2018-7846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
},
{
"name": "CVE-2019-8259",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
},
{
"name": "CVE-2018-7842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
},
{
"name": "CVE-2018-7849",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
},
{
"name": "CVE-2019-8271",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8271"
},
{
"name": "CVE-2019-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6831"
},
{
"name": "CVE-2019-6813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6813"
},
{
"name": "CVE-2019-6809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6809"
},
{
"name": "CVE-2019-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6829"
},
{
"name": "CVE-2018-7852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7852"
},
{
"name": "CVE-2019-8267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8267"
},
{
"name": "CVE-2019-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6830"
},
{
"name": "CVE-2019-6810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6810"
},
{
"name": "CVE-2018-7854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
},
{
"name": "CVE-2019-8280",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
},
{
"name": "CVE-2018-7844",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
},
{
"name": "CVE-2018-7847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
},
{
"name": "CVE-2018-7855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
},
{
"name": "CVE-2019-8275",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
},
{
"name": "CVE-2019-8274",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8274"
},
{
"name": "CVE-2019-6808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
},
{
"name": "CVE-2019-6826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6826"
},
{
"name": "CVE-2018-7850",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
},
{
"name": "CVE-2018-7856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
},
{
"name": "CVE-2019-8266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8266"
},
{
"name": "CVE-2019-8270",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8270"
},
{
"name": "CVE-2019-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6834"
},
{
"name": "CVE-2019-68067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-68067"
},
{
"name": "CVE-2018-7845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
},
{
"name": "CVE-2019-8258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8258"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-8264",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
},
{
"name": "CVE-2019-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6833"
},
{
"name": "CVE-2019-8272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8272"
},
{
"name": "CVE-2019-8268",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8268"
},
{
"name": "CVE-2019-68077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-68077"
},
{
"name": "CVE-2019-8273",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8273"
},
{
"name": "CVE-2018-7853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
},
{
"name": "CVE-2018-7843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
},
{
"name": "CVE-2018-7848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
}
],
"initial_release_date": "2019-08-13T00:00:00",
"last_revision_date": "2019-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-384",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-13T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
"revision_date": "2019-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf\u0026p_Doc_Ref=SEVD-2019-225-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf\u0026p_Doc_Ref=SEVD-2019-225-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-134-11"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-05"
}
]
}
CERTFR-2019-AVI-312
Vulnerability from certfr_avis - Published: 2019-07-09 - Updated: 2019-07-09
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | SCADAPack 300 E et 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E) | ||
| Schneider Electric | N/A | SCADAPack 57x RTU (570, 575) | ||
| Schneider Electric | N/A | SCADAPack 300 series RTU (314, 330, 334, 350) | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à V2.70 | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à V2.90 | ||
| Schneider Electric | N/A | Modicon Quantum versions antérieures à V3.12 | ||
| Schneider Electric | N/A | Interactive Graphical SCADA System (IGSS) versions antérieures à 13.0.0.19140 | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à V2.01 | ||
| Schneider Electric | N/A | Modicon Ethernet Module BMENOC0301 versions antérieures à V2.16 | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à V3.01 | ||
| Schneider Electric | N/A | Interactive Graphical SCADA System (IGSS) versions 14.x antérieures à 14.0.0.19120 | ||
| Schneider Electric | N/A | Modicon M221 | ||
| Schneider Electric | N/A | Zelio Soft 2 versions antérieures à v5.3 | ||
| Schneider Electric | N/A | Modicon Premium versions antérieures à V3.10 | ||
| Schneider Electric | N/A | SCADAPack 32 RTU | ||
| Schneider Electric | N/A | Control Expert versions antérieures à V14.0 sans le dernier correctif de sécurité | ||
| Schneider Electric | N/A | Modicon Momentum M1E 171CBU98090Modicon Momentum M1E 171CBU98091 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCADAPack 300 E et 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack 57x RTU (570, 575)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack 300 series RTU (314, 330, 334, 350)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 V2.70",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum versions ant\u00e9rieures \u00e0 V3.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Interactive Graphical SCADA System (IGSS) versions ant\u00e9rieures \u00e0 13.0.0.19140",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Ethernet Module BMENOC0301 versions ant\u00e9rieures \u00e0 V2.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.01",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Interactive Graphical SCADA System (IGSS) versions 14.x ant\u00e9rieures \u00e0 14.0.0.19120",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M221",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Zelio Soft 2 versions ant\u00e9rieures \u00e0 v5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium versions ant\u00e9rieures \u00e0 V3.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack 32 RTU",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Control Expert versions ant\u00e9rieures \u00e0 V14.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Momentum M1E 171CBU98090Modicon Momentum M1E 171CBU98091",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-6028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6028"
},
{
"name": "CVE-2018-7846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
},
{
"name": "CVE-2019-6822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6822"
},
{
"name": "CVE-2018-7842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
},
{
"name": "CVE-2018-7849",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
},
{
"name": "CVE-2018-7838",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7838"
},
{
"name": "CVE-2019-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6827"
},
{
"name": "CVE-2018-7854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
},
{
"name": "CVE-2018-7844",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
},
{
"name": "CVE-2018-7847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
},
{
"name": "CVE-2019-6808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
},
{
"name": "CVE-2018-7850",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
},
{
"name": "CVE-2018-7856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
},
{
"name": "CVE-2018-7845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-6807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6807"
},
{
"name": "CVE-2019-6819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6819"
},
{
"name": "CVE-2019-6806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6806"
},
{
"name": "CVE-2018-7853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
},
{
"name": "CVE-2018-7843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
},
{
"name": "CVE-2018-7848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
}
],
"initial_release_date": "2019-07-09T00:00:00",
"last_revision_date": "2019-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-312",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-05 du 02 juillet 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-05-Modicon+Controllers-V1.1.pdf\u0026p_Doc_Ref=SEVD-2019-134-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-190-01 du 09 juillet 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-190-01-Zelio-Soft-2.pdf\u0026p_Doc_Ref=SEVD-2019-190-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2017-065-01 du 09 juillet 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2017-065-01-Modicon-SCADAPack-V2.0.pdf\u0026p_Doc_Ref=SEVD-2017-065-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 09 juillet 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-Modicon-Controllers-V1.1.pdf\u0026p_Doc_Ref=SEVD-2019-134-11"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-190-02 du 09 juillet 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-190-02-IGSS.pdf\u0026p_Doc_Ref=SEVD-2019-190-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-190-03 du 09 juillet 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-190-03-Modicon-M580-Controller.pdf\u0026p_Doc_Ref=SEVD-2019-190-03"
}
]
}
FKIE_CVE-2018-7848
Vulnerability from fkie_nvd - Published: 2019-05-22 20:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116",
"versionEndExcluding": "2.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24",
"versionEndExcluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus"
},
{
"lang": "es",
"value": "CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar la divulgaci\u00f3n de informaci\u00f3n SNMP cuando se leen archivos desde el controlador sobre protocolo Modbus."
}
],
"id": "CVE-2018-7848",
"lastModified": "2024-11-21T04:12:52.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-22T20:29:01.747",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-7JWJ-69W8-5FMM
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46
VLAI?
Details
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
{
"affected": [],
"aliases": [
"CVE-2018-7848"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T20:29:00Z",
"severity": "HIGH"
},
"details": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus",
"id": "GHSA-7jwj-69w8-5fmm",
"modified": "2022-05-24T16:46:13Z",
"published": "2022-05-24T16:46:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7848"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
],
"schema_version": "1.4.0",
"severity": []
}
CNVD-2019-34828
Vulnerability from cnvd - Published: 2019-10-11
VLAI Severity ?
Title
多款Schneider Electric产品信息泄露漏洞(CNVD-2019-34828)
Description
Schneider Electric Modicon M580等都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric Modicon M580是一款可编程自动化控制器。Schneider Electric Modicon Premium是一款用于离散或过程应用的大型可编程逻辑控制器(PLC)。Schneider Electric Modicon Quantum是一款用于过程应用、高可用性和安全解决方案的大型可编程逻辑控制器(PLC)。
多款Schneider Electric产品存在信息泄露漏洞。攻击者可利用漏洞获取受影响组件敏感信息。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.schneider-electric.com/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-7848
Impacted products
| Name | ['Schneider Electric Modicon M340', 'Schneider Electric Modicon Premium', 'Schneider Electric Modicon Quantum', 'Schneider Electric Modicon M580'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-7848"
}
},
"description": "Schneider Electric Modicon M580\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric Modicon M580\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u3002Schneider Electric Modicon Premium\u662f\u4e00\u6b3e\u7528\u4e8e\u79bb\u6563\u6216\u8fc7\u7a0b\u5e94\u7528\u7684\u5927\u578b\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u3002Schneider Electric Modicon Quantum\u662f\u4e00\u6b3e\u7528\u4e8e\u8fc7\u7a0b\u5e94\u7528\u3001\u9ad8\u53ef\u7528\u6027\u548c\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u7684\u5927\u578b\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u3002\n\n\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Jared Rittle",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-34828",
"openTime": "2019-10-11",
"products": {
"product": [
"Schneider Electric Modicon M340",
"Schneider Electric Modicon Premium",
"Schneider Electric Modicon Quantum",
"Schneider Electric Modicon M580"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-7848",
"serverity": "\u4e2d",
"submitTime": "2019-05-23",
"title": "\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-34828\uff09"
}
GSD-2018-7848
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-7848",
"description": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus",
"id": "GSD-2018-7848"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7848"
],
"details": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus",
"id": "GSD-2018-7848",
"modified": "2023-12-13T01:22:33.162412Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium",
"version": {
"version_data": [
{
"version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.90",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7848"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-02-03T14:09Z",
"publishedDate": "2019-05-22T20:29Z"
}
}
}
CVE-2018-7848
Vulnerability from fstec - Published: 14.05.2019
VLAI Severity ?
Title
Уязвимость микропрограммного обеспечения программируемого логического контроллера Modicon, вызванная раскрытием информации, позволяющая нарушителю раскрыть информацию SNMP
Description
Уязвимость микропрограммного обеспечения программируемого логического контроллера Modicon вызвана раскрытием информации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть информацию SNMP при чтении файлов с контроллера через протокол Modbus
Severity ?
Vendor
Schneider Electric
Software Name
Modicon Premium, Modicon Quantum, Modicon M340, Modicon M580
Software Version
- (Modicon Premium), - (Modicon Quantum), до 3.10 (Modicon M340), до 2.90 (Modicon M580)
Possible Mitigations
Для Modicon M580:
Настройка сегментации сети и внедрение брандмауэра для блокировки несанкционированного доступа к порту 502/TCP
Настройка безопасной связи в соответствии с руководством «Справочное руководство по кибербезопасности платформы Modicon Controllers» в главе «Настройка защищенной связи»:
https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000001999.06.pdf&p_Doc_Ref=EIO0000001999
Использование модуля BMENOC и следование инструкциям для настройки функции IPSEC, как описано в руководстве «Modicon M580 - BMENOC03.1 Коммуникации через Ethernet Модуль, руководство по установке и настройке »в главе« Настройка IPSEC » коммуникации»:
https://www.schneiderelectric.com/en/download/document/HRB62665/#page=1&toolbar=1&scrollbar=1&statusbar=1&view=fit
Для Modicon M340:
Настройка сегментации сети и внедрение брандмауэра для блокировки несанкционированного доступа к порту 502/TCP
Настройка списка контроля доступа, следуя рекомендациям руководства пользователя. «Руководство пользователя Modicon M340 для коммуникационных модулей и процессоров Ethernet» в главе «Параметры конфигурации обмена сообщениями»:
https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=31007131_K01_000_16.pdf&p_Doc_Ref=31007131K01000
Для Modicon Premium:
Настройка сегментации сети и внедрение брандмауэра для блокировки несанкционированного доступа к порту 502/TCP
Настройка списка контроля доступа, следуя рекомендациям руководства пользователя. «Премиум и Atrium с использованием EcoStruxure ™ Control Expert - сетевые модули Ethernet, руководство пользователя» в главах «Параметры конфигурации соединения / Параметры конфигурации служб TCP / IP / Параметры конфигурации соединения»:
https://www.schneider-electric.com/en/download/document/35006192K01000/
Для Modicon Quantum:
Настройка сегментации сети и внедрение брандмауэра для блокировки несанкционированного доступа к порту 502/TCP
Настройка списка контроля доступа, как упомянуто в «Quantum с использованием EcoStruxure ™ Control Expert - конфигурация TCP / IP, руководство пользователя» в главе «Настройки программного обеспечения для обмена данными через Ethernet / обмена сообщениями / настройки обмена сообщениями Quantum NOE Ethernet»:
https://www.schneider-electric.com/en/download/document/33002467K01000/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-7848
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Schneider Electric",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Modicon Premium), - (Modicon Quantum), \u0434\u043e 3.10 (Modicon M340), \u0434\u043e 2.90 (Modicon M580)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Modicon M580:\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0438 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0440\u0442\u0443 502/TCP\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0441\u0432\u044f\u0437\u0438 \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e\u043c \u00ab\u0421\u043f\u0440\u0430\u0432\u043e\u0447\u043d\u043e\u0435 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Modicon Controllers\u00bb \u0432 \u0433\u043b\u0430\u0432\u0435 \u00ab\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0441\u0432\u044f\u0437\u0438\u00bb:\nhttps://download.schneiderelectric.com/files?p_enDocType=User+guide\u0026p_File_Name=EIO0000001999.06.pdf\u0026p_Doc_Ref=EIO0000001999\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u043e\u0434\u0443\u043b\u044f BMENOC \u0438 \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f\u043c \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 IPSEC, \u043a\u0430\u043a \u043e\u043f\u0438\u0441\u0430\u043d\u043e \u0432 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0435 \u00abModicon M580 - BMENOC03.1 \u041a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 Ethernet \u041c\u043e\u0434\u0443\u043b\u044c, \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u00bb\u0432 \u0433\u043b\u0430\u0432\u0435\u00ab \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 IPSEC \u00bb \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0438\u00bb:\nhttps://www.schneiderelectric.com/en/download/document/HRB62665/#page=1\u0026toolbar=1\u0026scrollbar=1\u0026statusbar=1\u0026view=fit\n\n\u0414\u043b\u044f Modicon M340:\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0438 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0440\u0442\u0443 502/TCP\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0441\u043b\u0435\u0434\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u00ab\u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f Modicon M340 \u0434\u043b\u044f \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Ethernet\u00bb \u0432 \u0433\u043b\u0430\u0432\u0435 \u00ab\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438\u00bb:\nhttps://download.schneiderelectric.com/files?p_enDocType=User+guide\u0026p_File_Name=31007131_K01_000_16.pdf\u0026p_Doc_Ref=31007131K01000\n\n\u0414\u043b\u044f Modicon Premium:\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0438 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0440\u0442\u0443 502/TCP\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0441\u043b\u0435\u0434\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u00ab\u041f\u0440\u0435\u043c\u0438\u0443\u043c \u0438 Atrium \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c EcoStruxure \u2122 Control Expert - \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438 Ethernet, \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u00bb \u0432 \u0433\u043b\u0430\u0432\u0430\u0445 \u00ab\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f / \u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u043b\u0443\u0436\u0431 TCP / IP / \u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f\u00bb:\nhttps://www.schneider-electric.com/en/download/document/35006192K01000/\n\n\u0414\u043b\u044f Modicon Quantum:\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0438 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0440\u0442\u0443 502/TCP\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043a\u0430\u043a \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u043e \u0432 \u00abQuantum \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c EcoStruxure \u2122 Control Expert - \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f TCP / IP, \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u00bb \u0432 \u0433\u043b\u0430\u0432\u0435 \u00ab\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0447\u0435\u0440\u0435\u0437 Ethernet / \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 / \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Quantum NOE Ethernet\u00bb:\nhttps://www.schneider-electric.com/en/download/document/33002467K01000/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.05.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.06.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02047",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-7848",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Modicon Premium, Modicon Quantum, Modicon M340, Modicon M580",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Modicon, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e SNMP",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Modicon \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e SNMP \u043f\u0440\u0438 \u0447\u0442\u0435\u043d\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b Modbus",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-7848\nhttps://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…