Vulnerability Details : CVE-2018-7242
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
Products affected by CVE-2018-7242
- cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxnor0200_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp341000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp342000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp3420102_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp3420102cl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp342020_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp3420302_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp3420302cl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp3420302h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp342020h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:bmxp341000h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxh5724m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxh5744m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57104m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57154m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp571634m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57204m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57254m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp572634m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57304m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57354m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp573634m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57454m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp574634m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp575634m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp576634m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxh5724mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxh5744mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57104mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57154mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp571634mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57204mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57254mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp572634mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57304mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57354mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp573634mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57454mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp574634mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57554mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp575634mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp576634mc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:tsxp57554m_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7242
0.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-7242
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7242
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/103543
Multiple Schneider Electric Modicon Products CVE-2018-7242 Remote Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
Security Notification - Embedded FTP Servers for Modicon | Schneider ElectricVendor Advisory
Jump to