CVE-2018-7831 - OpenCVE

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Modicom M340 Modicom Quantum Modicom Premium Firmware Modicom Bmxnor0200h Firmware Modicom Bmxnor0200h Modicom Quantum Firmware Modicom Premium Modicom M340 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_premium:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_quantum:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/	Vendor Advisory
https://www.tenable.com/security/research/tra-2018-38	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2018-11-30T19:00:00

Updated: 2018-12-01T10:57:01

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7831

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-11-30T19:29:00.593

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-7831

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"}]}], "datePublic": "2018-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server."}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-01T10:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2018-38"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7831", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200", "version": {"version_data": [{"version_value": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2018-38", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-38"}, {"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7831", "datePublished": "2018-11-30T19:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2018-12-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A53C0B78-6556-44B7-9546-75F48EDD87CB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F3D3249-CD51-496E-AB39-79D53EB318F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA79EF8E-C525-4CCB-AC21-F7493FA55BF7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F3ED1E3-2D3F-4ACD-84C9-FD282C4845D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "62BAE494-82C9-4CC7-8149-37DD1ADA10F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC2867F0-53B1-465E-A413-6EFE4ED0FFC4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99FE33D-BBA0-40B7-B79C-E276BF8353FB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C420C7F-5B35-4775-8775-241FDD0B759C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server."}, {"lang": "es", "value": "Existe una vulnerabilidad de neutralizaci\u00f3n incorrecta de etiquetas HTML relacionadas con scripts en una p\u00e1gina web (XSS b\u00e1sico) en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podr\u00eda permitir que un atacante env\u00ede una URL especialmente manipulada a un usuario autenticado del servidor web para que ejecute un cambio de contrase\u00f1a en el servidor web."}], "id": "CVE-2018-7831", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-30T19:29:00.593", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"}, {"source": "cybersecurity@se.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2018-38"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}