CVE-2018-7812 Information

Description

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340 Premium Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product such as whether a particular operation was successful or not.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/SadFud/Exploits/tree/master/Real20World/SCADA20-20IOT20Systems/CVE-2018-7812 https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5