CVE-2018-7241 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
schneider-electric	bmxnor0200_firmware	-
schneider-electric	bmxnor0200h_firmware	-
schneider-electric	140cpu65150_firmware	-
schneider-electric	140cpu31110_firmware	-
schneider-electric	140cpu43412u_firmware	-
schneider-electric	140cpu65160_firmware	-
schneider-electric	140cpu65260_firmware	-
schneider-electric	140cpu65860_firmware	-
schneider-electric	140cpu65160s_firmware	-
schneider-electric	140cpu65150c_firmware	-
schneider-electric	140cpu31110c_firmware	-
schneider-electric	140cpu43412uc_firmware	-
schneider-electric	140cpu65160c_firmware	-
schneider-electric	140cpu65160c_firmware	-
schneider-electric	140cpu65260c_firmware	-
schneider-electric	140cpu65860c_firmware	-
schneider-electric	modicon_m340_bmxp341000_firmware	-
schneider-electric	modicon_m340_bmxp342000_firmware	-
schneider-electric	modicon_m340_bmxp3420102_firmware	-
schneider-electric	modicon_m340_bmxp3420102cl_firmware	-
schneider-electric	modicon_m340_bmxp342020_firmware	-
schneider-electric	modicon_m340_bmxp3420302_firmware	-
schneider-electric	modicon_m340_bmxp3420302cl_firmware	-
schneider-electric	modicon_m340_bmxp3420302h_firmware	-
schneider-electric	modicon_m340_bmxp342020h_firmware	-
schneider-electric	modicon_m340_bmxp341000h_firmware	-
schneider-electric	tsxh5724m_firmware	-
schneider-electric	tsxh5744m_firmware	-
schneider-electric	tsxp57104m_firmware	-
schneider-electric	tsxp57154m_firmware	-
schneider-electric	tsxp571634m_firmware	-
schneider-electric	tsxp57204m_firmware	-
schneider-electric	tsxp57254m_firmware	-
schneider-electric	tsxp572634m_firmware	-
schneider-electric	tsxp57304m_firmware	-
schneider-electric	tsxp57354m_firmware	-
schneider-electric	tsxp573634m_firmware	-
schneider-electric	tsxp57454m_firmware	-
schneider-electric	tsxp574634m_firmware	-
schneider-electric	tsxp575634m_firmware	-
schneider-electric	tsxp576634m_firmware	-
schneider-electric	tsxh5724mc_firmware	-
schneider-electric	tsxh5744mc_firmware	-
schneider-electric	tsxp57104mc_firmware	-
schneider-electric	tsxp57154mc_firmware	-
schneider-electric	tsxp571634mc_firmware	-
schneider-electric	tsxp57204mc_firmware	-
schneider-electric	tsxp57254mc_firmware	-
schneider-electric	tsxp572634mc_firmware	-
schneider-electric	tsxp57304mc_firmware	-
schneider-electric	tsxp57354mc_firmware	-
schneider-electric	tsxp573634mc_firmware	-
schneider-electric	tsxp57454mc_firmware	-
schneider-electric	tsxp574634mc_firmware	-
schneider-electric	tsxp57554mc_firmware	-
schneider-electric	tsxp575634mc_firmware	-
schneider-electric	tsxp576634mc_firmware	-
schneider-electric	tsxh5724m_firmware	-
schneider-electric	tsxh5744mc_firmware	-
schneider-electric	tsxp57554m_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

http://www.securityfocus.com/bid/103542

https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01

https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/

http://www.securityfocus.com/bid/103542

https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01

https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/