U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:h:schneider-electric:modicom_premium:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2018-7833

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable

Published: December 17, 2018; 5:29:00 PM -0500 		V3.0: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2018-7812

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Published: December 17, 2018; 5:29:00 PM -0500 		V3.0: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2018-7804

A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.

Published: December 17, 2018; 5:29:00 PM -0500 		V3.0: 6.1 MEDIUM
 V2.0: 5.8 MEDIUM
CVE-2018-7831

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.

Published: November 30, 2018; 2:29:00 PM -0500 		V3.0: 8.8 HIGH
 V2.0: 4.3 MEDIUM
CVE-2018-7830

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

Published: November 30, 2018; 2:29:00 PM -0500 		V3.0: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2018-7811

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server

Published: November 30, 2018; 2:29:00 PM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 5.0 MEDIUM
CVE-2018-7810

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.

Published: November 30, 2018; 2:29:00 PM -0500 		V3.0: 6.1 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2018-7809

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

Published: November 30, 2018; 2:29:00 PM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 6.4 MEDIUM