{"containers": {"cna": {"affected": [{"product": "Modicon Quantum", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "All versions of Modicon Quantum communication modules"}]}], "datePublic": "2018-03-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."}], "problemTypes": [{"descriptions": [{"description": "Arbritrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-20T19:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"name": "103541", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103541"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon Quantum", "version": {"version_data": [{"version_value": "All versions of Modicon Quantum communication modules"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbritrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"name": "103541", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103541"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:24:11.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}, {"name": "103541", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103541"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7240", "datePublished": "2018-04-18T20:00:00", "dateReserved": "2018-02-19T00:00:00", "dateUpdated": "2024-08-05T06:24:11.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7003BE27-3D26-46F9-BF51-5E026EA2AED6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu31110_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A37B3D0A-D1AA-494F-B26B-70BA8D1E8D6F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu31110:-:*:*:*:*:*:*:*", "matchCriteriaId": "F363F812-4BF2-450C-BC40-48A136746B9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu43412u_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B36E6DC-D407-4A3B-9ED3-1683EEE83299", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu43412u:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87C8629-A8CF-4B8E-AB03-0425C30A40C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E092BBB-F315-4541-B8B2-BF9E1B75B041", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D5F2BE6-CF9E-48BB-B525-6B8F4C0B203E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65860_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FECDF56E-7F6B-4048-AAAA-0D80C685F6D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B8230FD-0C0A-467C-9BAD-09257739D462", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "616C2139-6063-4BB1-84C0-AECDBB9EC86C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95E48F27-F241-4491-AFF7-8BD562F21A52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65150c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAA5A94A-09A0-4606-8DAE-0CDE1A372483", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65150c:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A2EB59-CCEE-4123-8344-764959B32C3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu31110c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEE31953-8AEA-45AB-81A1-BCE9AC78A48D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu31110c:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B887DA-75CD-465C-8B02-4DF1A063F3B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu43412uc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "09F9986A-4089-429E-BFD7-131C3BE98B9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu43412uc:-:*:*:*:*:*:*:*", "matchCriteriaId": "38AC4E35-E020-4E54-B1F7-01F4A9D9DEC7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A75F5C8-3341-4C4A-8660-F002AD07702F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A75F5C8-3341-4C4A-8660-F002AD07702F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A9B6A4-BAA6-4982-A27B-2B9D5F0E7178", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65260c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BE1F4A9-D2EA-4A5B-8F9A-EFD961D4F49D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65260c:-:*:*:*:*:*:*:*", "matchCriteriaId": "106C756F-1A0D-486F-BA83-F1F6D9D5661E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65860c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1472068B-ECE2-46F4-AC91-43F5AFCA8C52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65860c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E33E1CF-BD62-4638-AD44-30A19063FCD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."}, {"lang": "es", "value": "Existe una vulnerabilidad en Modicon Quantum, de Schneider Electric, en todas las versiones de los m\u00f3dulos de comunicaci\u00f3n que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario. Un comando FTP usado para actualizar el firmware del m\u00f3dulo puede emplearse err\u00f3neamente para provocar una denegaci\u00f3n de servicio (DoS) o, en casos extremos, cargar un firmware malicioso."}], "id": "CVE-2018-7240", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-18T20:29:00.247", "references": [{"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103541"}, {"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"}, {"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}