CVE-2018-7242
CRITICALSchneider Electric Modicon and BMXNOR0200 - Inadequate Encryption Strength
Title source: llmDescription
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103543
Scores
CVSS v3
9.8
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-326
Status
published
Products (50)
schneider-electric/140cpu31110_firmware
schneider-electric/140cpu31110c_firmware
schneider-electric/140cpu43412u_firmware
schneider-electric/140cpu43412uc_firmware
schneider-electric/140cpu65150_firmware
schneider-electric/140cpu65150c_firmware
schneider-electric/140cpu65160_firmware
schneider-electric/140cpu65160c_firmware
schneider-electric/140cpu65160s_firmware
schneider-electric/140cpu65260_firmware
... and 40 more
Published
Apr 18, 2018
Tracked Since
Feb 18, 2026