CVE-2018-7761 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Affected Products (NVD)

Vendor	Product	Version
schneider-electric	bmxnor0200_firmware	-
schneider-electric	bmxnor0200h_firmware	-
schneider-electric	140cpu65150_firmware	-
schneider-electric	140cpu31110_firmware	-
schneider-electric	140cpu43412u_firmware	-
schneider-electric	140cpu65160_firmware	-
schneider-electric	140cpu65260_firmware	-
schneider-electric	140cpu65860_firmware	-
schneider-electric	140cpu65160s_firmware	-
schneider-electric	140cpu65150c_firmware	-
schneider-electric	140cpu31110c_firmware	-
schneider-electric	140cpu43412uc_firmware	-
schneider-electric	140cpu65160c_firmware	-
schneider-electric	140cpu65160c_firmware	-
schneider-electric	140cpu65260c_firmware	-
schneider-electric	140cpu65860c_firmware	-
schneider-electric	modicon_m340_bmxp341000_firmware	-
schneider-electric	modicon_m340_bmxp342000_firmware	-
schneider-electric	modicon_m340_bmxp3420102_firmware	-
schneider-electric	modicon_m340_bmxp3420102cl_firmware	-
schneider-electric	modicon_m340_bmxp342020_firmware	-
schneider-electric	modicon_m340_bmxp3420302_firmware	-
schneider-electric	modicon_m340_bmxp3420302cl_firmware	-
schneider-electric	modicon_m340_bmxp3420302h_firmware	-
schneider-electric	modicon_m340_bmxp342020h_firmware	-
schneider-electric	modicon_m340_bmxp341000h_firmware	-
schneider-electric	tsxh5724m_firmware	-
schneider-electric	tsxh5744m_firmware	-
schneider-electric	tsxp57104m_firmware	-
schneider-electric	tsxp57154m_firmware	-
schneider-electric	tsxp571634m_firmware	-
schneider-electric	tsxp57204m_firmware	-
schneider-electric	tsxp57254m_firmware	-
schneider-electric	tsxp572634m_firmware	-
schneider-electric	tsxp57304m_firmware	-
schneider-electric	tsxp57354m_firmware	-
schneider-electric	tsxp573634m_firmware	-
schneider-electric	tsxp57454m_firmware	-
schneider-electric	tsxp574634m_firmware	-
schneider-electric	tsxp575634m_firmware	-
schneider-electric	tsxp576634m_firmware	-
schneider-electric	tsxh5724mc_firmware	-
schneider-electric	tsxh5744mc_firmware	-
schneider-electric	tsxp57104mc_firmware	-
schneider-electric	tsxp57154mc_firmware	-
schneider-electric	tsxp571634mc_firmware	-
schneider-electric	tsxp57204mc_firmware	-
schneider-electric	tsxp57254mc_firmware	-
schneider-electric	tsxp572634mc_firmware	-
schneider-electric	tsxp57304mc_firmware	-
schneider-electric	tsxp57354mc_firmware	-
schneider-electric	tsxp573634mc_firmware	-
schneider-electric	tsxp57454mc_firmware	-
schneider-electric	tsxp574634mc_firmware	-
schneider-electric	tsxp57554mc_firmware	-
schneider-electric	tsxp575634mc_firmware	-
schneider-electric	tsxp576634mc_firmware	-
schneider-electric	tsxh5724m_firmware	-
schneider-electric	tsxh5744mc_firmware	-
schneider-electric	tsxp57554m_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/