CVE-2018-7830 - OpenCVE

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Modicom M340 Modicom Quantum Modicom Premium Firmware Modicom Bmxnor0200h Firmware Modicom Bmxnor0200h Modicom Quantum Firmware Modicom Premium Modicom M340 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/	Vendor Advisory
https://www.tenable.com/security/research/tra-2018-38	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2018-11-30T19:00:00

Updated: 2018-12-01T10:57:01

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7830

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-11-30T19:29:00.547

Modified: 2018-12-28T17:32:33.407

Link: CVE-2018-7830

JSON object: View

Redhat Information

No data.

CWE

CWE-113

{"containers": {"cna": {"affected": [{"product": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"}]}], "datePublic": "2018-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request."}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-01T10:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2018-38"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7830", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200", "version": {"version_data": [{"version_value": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2018-38", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-38"}, {"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7830", "datePublished": "2018-11-30T19:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2018-12-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A53C0B78-6556-44B7-9546-75F48EDD87CB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F3D3249-CD51-496E-AB39-79D53EB318F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA79EF8E-C525-4CCB-AC21-F7493FA55BF7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BAD47C7-A8D1-44B3-9917-D5285E63F3B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "62BAE494-82C9-4CC7-8149-37DD1ADA10F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B17B062-016A-45C2-A640-C8FD31E6E05F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99FE33D-BBA0-40B7-B79C-E276BF8353FB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C420C7F-5B35-4775-8775-241FDD0B759C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request."}, {"lang": "es", "value": "Existe una vulnerabilidad de neutralizaci\u00f3n incorrecta de secuencias CRLF en cabeceras HTTP (\"separaci\u00f3n de respuesta HTTP\") en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, donde puede ocurrir una denegaci\u00f3n de servicio (DoS) durante 1 minuto aproximadamente mediante el env\u00edo de una petici\u00f3n HTTP especialmente manipulada."}], "id": "CVE-2018-7830", "lastModified": "2018-12-28T17:32:33.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-30T19:29:00.547", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"}, {"source": "cybersecurity@se.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2018-38"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-113"}], "source": "nvd@nist.gov", "type": "Primary"}]}