CVE-2018-7241
CRITICALSchneider Electric Modicon and BMXNOR0200 Controllers - Use of Hard-coded Credentials
Title source: llmDescription
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103542
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
Scores
CVSS v3
9.8
EPSS
0.0055
EPSS Percentile
68.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (50)
schneider-electric/140cpu31110_firmware
schneider-electric/140cpu31110c_firmware
schneider-electric/140cpu43412u_firmware
schneider-electric/140cpu43412uc_firmware
schneider-electric/140cpu65150_firmware
schneider-electric/140cpu65150c_firmware
schneider-electric/140cpu65160_firmware
schneider-electric/140cpu65160c_firmware
schneider-electric/140cpu65160s_firmware
schneider-electric/140cpu65260_firmware
... and 40 more
Published
Apr 18, 2018
Tracked Since
Feb 18, 2026