CVE-2018-7811

CRITICAL

Modicon M340-Quantum - Info Disclosure

Title source: llm

Description

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server

References (3)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2018-38

[Vendor Advisory] https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/

[Various Sources] https://security.cse.iitk.ac.in/responsible-disclosure

Scores

CVSS v3 9.8

EPSS 0.0153

EPSS Percentile 81.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (4)

schneider-electric/modicom_bmxnor0200h_firmware

schneider-electric/modicom_m340_firmware

schneider-electric/modicom_premium_firmware

schneider-electric/modicom_quantum_firmware

Published Nov 30, 2018

Tracked Since Feb 18, 2026