CVE-2018-7830

HIGH

Modicon M340-Quantum - DoS

Title source: llm

Description

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

References (2)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2018-38

[Vendor Advisory] https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/

Scores

CVSS v3 7.5

EPSS 0.0267

EPSS Percentile 85.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-113

Status published

Products (4)

schneider-electric/modicom_bmxnor0200h_firmware

schneider-electric/modicom_m340_firmware

schneider-electric/modicom_premium_firmware

schneider-electric/modicom_quantum_firmware

Published Nov 30, 2018

Tracked Since Feb 18, 2026