CVE-2018-7761

high-risk

Published 2018-04-18

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

Do I need to act?

0.55% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Bmxnor0200 Firmware

Bmxnor0200H Firmware

140Cpu65150 Firmware

140Cpu31110 Firmware

140Cpu43412U Firmware

140Cpu65160 Firmware

140Cpu65260 Firmware

140Cpu65860 Firmware

140Cpu65160S Firmware

140Cpu65150C Firmware

140Cpu31110C Firmware

140Cpu43412Uc Firmware

140Cpu65160C Firmware

140Cpu65260C Firmware

140Cpu65860C Firmware

Modicon M340 Bmxp341000 Firmware

Modicon M340 Bmxp342000 Firmware

Modicon M340 Bmxp3420102 Firmware

Modicon M340 Bmxp3420102Cl Firmware

Modicon M340 Bmxp342020 Firmware

Affected Vendors

Schneider-Electric

References (2)

Vendor Advisory https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 26/34 · High