CVE-2018-7240 - Vulnerability Details

Vendors	Products
Schneider-electric	140cpu31110 140cpu31110 Firmware 140cpu31110c 140cpu31110c Firmware 140cpu43412u 140cpu43412u Firmware 140cpu43412uc 140cpu43412uc Firmware 140cpu65150 140cpu65150 Firmware 140cpu65150c 140cpu65150c Firmware 140cpu65160 140cpu65160 Firmware 140cpu65160c 140cpu65160c Firmware 140cpu65160s 140cpu65160s Firmware 140cpu65260 140cpu65260 Firmware 140cpu65260c 140cpu65260c Firmware 140cpu65860 140cpu65860 Firmware 140cpu65860c 140cpu65860c Firmware

Link	Providers
http://www.securityfocus.com/bid/103541
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Modicon Quantum", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "All versions of Modicon Quantum communication modules"}]}], "datePublic": "2018-03-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."}], "problemTypes": [{"descriptions": [{"description": "Arbritrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-20T19:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"name": "103541", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103541"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon Quantum", "version": {"version_data": [{"version_value": "All versions of Modicon Quantum communication modules"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbritrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"name": "103541", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103541"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:24:11.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"name": "103541", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103541"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7240", "datePublished": "2018-04-18T20:00:00", "dateReserved": "2018-02-19T00:00:00", "dateUpdated": "2024-08-05T06:24:11.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Modicon Quantum (string)

vendor : Schneider Electric SE (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions of Modicon Quantum communication modules (string)

}

]

}

]

datePublic : 2018-03-22T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Arbritrary Code Execution (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-04-20T19:57:01 (string)

orgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

shortName : schneider (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (string)

}

1 : { »

name : 103541 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/103541 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cybersecurity@schneider-electric.com (string)

ID : CVE-2018-7240 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Modicon Quantum (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions of Modicon Quantum communication modules (string)

}

]

}

]

}

vendor_name : Schneider Electric SE (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Arbritrary Code Execution (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (string)

refsource : CONFIRM (string)

url : https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (string)

}

1 : { »

name : 103541 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/103541 (string)

}

2 : { »

name : https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (string)

refsource : MISC (string)

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T06:24:11.250Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (string)

}

1 : { »

name : 103541 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/103541 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

assignerShortName : schneider (string)

cveId : CVE-2018-7240 (string)

datePublished : 2018-04-18T20:00:00 (string)

dateReserved : 2018-02-19T00:00:00 (string)

dateUpdated : 2024-08-05T06:24:11.250Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7003BE27-3D26-46F9-BF51-5E026EA2AED6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A37B3D0A-D1AA-494F-B26B-70BA8D1E8D6F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:*", "matchCriteriaId": "F363F812-4BF2-450C-BC40-48A136746B9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B36E6DC-D407-4A3B-9ED3-1683EEE83299", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87C8629-A8CF-4B8E-AB03-0425C30A40C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E092BBB-F315-4541-B8B2-BF9E1B75B041", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D5F2BE6-CF9E-48BB-B525-6B8F4C0B203E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FECDF56E-7F6B-4048-AAAA-0D80C685F6D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B8230FD-0C0A-467C-9BAD-09257739D462", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "616C2139-6063-4BB1-84C0-AECDBB9EC86C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95E48F27-F241-4491-AFF7-8BD562F21A52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAA5A94A-09A0-4606-8DAE-0CDE1A372483", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A2EB59-CCEE-4123-8344-764959B32C3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEE31953-8AEA-45AB-81A1-BCE9AC78A48D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B887DA-75CD-465C-8B02-4DF1A063F3B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "09F9986A-4089-429E-BFD7-131C3BE98B9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:*", "matchCriteriaId": "38AC4E35-E020-4E54-B1F7-01F4A9D9DEC7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A75F5C8-3341-4C4A-8660-F002AD07702F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A75F5C8-3341-4C4A-8660-F002AD07702F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BE1F4A9-D2EA-4A5B-8F9A-EFD961D4F49D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:*", "matchCriteriaId": "106C756F-1A0D-486F-BA83-F1F6D9D5661E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1472068B-ECE2-46F4-AC91-43F5AFCA8C52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E33E1CF-BD62-4638-AD44-30A19063FCD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."}, {"lang": "es", "value": "Existe una vulnerabilidad en Modicon Quantum, de Schneider Electric, en todas las versiones de los m\u00f3dulos de comunicaci\u00f3n que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario. Un comando FTP usado para actualizar el firmware del m\u00f3dulo puede emplearse err\u00f3neamente para provocar una denegaci\u00f3n de servicio (DoS) o, en casos extremos, cargar un firmware malicioso."}], "id": "CVE-2018-7240", "lastModified": "2024-11-21T04:11:51.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-18T20:29:00.247", "references": [{"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103541"}, {"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}, {"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7003BE27-3D26-46F9-BF51-5E026EA2AED6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EC3E5496-C3D0-4DF4-A9AF-F227F889840E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A37B3D0A-D1AA-494F-B26B-70BA8D1E8D6F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F363F812-4BF2-450C-BC40-48A136746B9E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1B36E6DC-D407-4A3B-9ED3-1683EEE83299 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B87C8629-A8CF-4B8E-AB03-0425C30A40C3 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5E092BBB-F315-4541-B8B2-BF9E1B75B041 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D5F2BE6-CF9E-48BB-B525-6B8F4C0B203E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D7304B0-EE18-454B-B3F0-5EF387285D90 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FECDF56E-7F6B-4048-AAAA-0D80C685F6D9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9B8230FD-0C0A-467C-9BAD-09257739D462 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 616C2139-6063-4BB1-84C0-AECDBB9EC86C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 95E48F27-F241-4491-AFF7-8BD562F21A52 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EAA5A94A-09A0-4606-8DAE-0CDE1A372483 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 51A2EB59-CCEE-4123-8344-764959B32C3C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DEE31953-8AEA-45AB-81A1-BCE9AC78A48D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 33B887DA-75CD-465C-8B02-4DF1A063F3B9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 09F9986A-4089-429E-BFD7-131C3BE98B9E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 38AC4E35-E020-4E54-B1F7-01F4A9D9DEC7 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6A75F5C8-3341-4C4A-8660-F002AD07702F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6A75F5C8-3341-4C4A-8660-F002AD07702F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0BE1F4A9-D2EA-4A5B-8F9A-EFD961D4F49D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 106C756F-1A0D-486F-BA83-F1F6D9D5661E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

13 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1472068B-ECE2-46F4-AC91-43F5AFCA8C52 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E33E1CF-BD62-4638-AD44-30A19063FCD5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. (string)

}

1 : { »

lang : es (string)

value : Existe una vulnerabilidad en Modicon Quantum, de Schneider Electric, en todas las versiones de los módulos de comunicación que podría permitir la ejecución de código arbitrario. Un comando FTP usado para actualizar el firmware del módulo puede emplearse erróneamente para provocar una denegación de servicio (DoS) o, en casos extremos, cargar un firmware malicioso. (string)

}

]

id : CVE-2018-7240 (string)

lastModified : 2024-11-21T04:11:51.400 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-04-18T20:29:00.247 (string)

references : [ »

0 : { »

source : cybersecurity@se.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/103541 (string)

}

1 : { »

source : cybersecurity@se.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (string)

}

2 : { »

source : cybersecurity@se.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/103541 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/ (string)

}

]

sourceIdentifier : cybersecurity@se.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object