Vulnerability Details CVE-2018-7242
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/103543
- https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
- https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
- http://www.securityfocus.com/bid/103543
- https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
- https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
Products affected by CVE-2018-7242
-
cpe:2.3:h:schneider-electric:140cpu31110:-
-
cpe:2.3:h:schneider-electric:140cpu31110c:-
-
cpe:2.3:h:schneider-electric:140cpu43412u:-
-
cpe:2.3:h:schneider-electric:140cpu43412uc:-
-
cpe:2.3:h:schneider-electric:140cpu65150:-
-
cpe:2.3:h:schneider-electric:140cpu65150c:-
-
cpe:2.3:h:schneider-electric:140cpu65160:-
-
cpe:2.3:h:schneider-electric:140cpu65160c:-
-
cpe:2.3:h:schneider-electric:140cpu65160s:-
-
cpe:2.3:h:schneider-electric:140cpu65260:-
-
cpe:2.3:h:schneider-electric:140cpu65260c:-
-
cpe:2.3:h:schneider-electric:140cpu65860:-
-
cpe:2.3:h:schneider-electric:140cpu65860c:-
-
cpe:2.3:h:schneider-electric:bmxnor0200:-
-
cpe:2.3:h:schneider-electric:bmxnor0200h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-
-
cpe:2.3:h:schneider-electric:tsxh5724m:-
-
cpe:2.3:h:schneider-electric:tsxh5724mc:-
-
cpe:2.3:h:schneider-electric:tsxh5744m:-
-
cpe:2.3:h:schneider-electric:tsxh5744mc:-
-
cpe:2.3:h:schneider-electric:tsxp57104m:-
-
cpe:2.3:h:schneider-electric:tsxp57104mc:-
-
cpe:2.3:h:schneider-electric:tsxp57154m:-
-
cpe:2.3:h:schneider-electric:tsxp57154mc:-
-
cpe:2.3:h:schneider-electric:tsxp571634m:-
-
cpe:2.3:h:schneider-electric:tsxp571634mc:-
-
cpe:2.3:h:schneider-electric:tsxp57204m:-
-
cpe:2.3:h:schneider-electric:tsxp57204mc:-
-
cpe:2.3:h:schneider-electric:tsxp57254m:-
-
cpe:2.3:h:schneider-electric:tsxp57254mc:-
-
cpe:2.3:h:schneider-electric:tsxp572634m:-
-
cpe:2.3:h:schneider-electric:tsxp572634mc:-
-
cpe:2.3:h:schneider-electric:tsxp57304m:-
-
cpe:2.3:h:schneider-electric:tsxp57304mc:-
-
cpe:2.3:h:schneider-electric:tsxp57354m:-
-
cpe:2.3:h:schneider-electric:tsxp57354mc:-
-
cpe:2.3:h:schneider-electric:tsxp573634m:-
-
cpe:2.3:h:schneider-electric:tsxp573634mc:-
-
cpe:2.3:h:schneider-electric:tsxp57454m:-
-
cpe:2.3:h:schneider-electric:tsxp57454mc:-
-
cpe:2.3:h:schneider-electric:tsxp574634m:-
-
cpe:2.3:h:schneider-electric:tsxp574634mc:-
-
cpe:2.3:h:schneider-electric:tsxp57554m:-
-
cpe:2.3:h:schneider-electric:tsxp57554mc:-
-
cpe:2.3:h:schneider-electric:tsxp575634m:-
-
cpe:2.3:h:schneider-electric:tsxp575634mc:-
-
cpe:2.3:h:schneider-electric:tsxp576634m:-
-
cpe:2.3:h:schneider-electric:tsxp576634mc:-
-
cpe:2.3:o:schneider-electric:140cpu31110_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65160_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65260_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65860_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnor0200_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-
-
cpe:2.3:o:schneider-electric:tsxh5724m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxh5724mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxh5744m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxh5744mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57104m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57104mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57154m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57154mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp571634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp571634mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57204m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57204mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57254m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57254mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp572634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp572634mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57304m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57304mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57354m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57354mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp573634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp573634mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57454m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57454mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574634mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57554m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp57554mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp575634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp575634mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp576634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp576634mc_firmware:-