Vulnerability Details CVE-2018-7830
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-7830
-
cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-
-
cpe:2.3:h:schneider-electric:modicom_m340:-
-
cpe:2.3:h:schneider-electric:modicom_premium:-
-
cpe:2.3:h:schneider-electric:modicom_quantum:-
-
cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:-
-
cpe:2.3:o:schneider-electric:modicom_m340_firmware:-
-
cpe:2.3:o:schneider-electric:modicom_premium_firmware:-
-
cpe:2.3:o:schneider-electric:modicom_quantum_firmware:-