CVE-2018-7848

{"id": "CVE-2018-7848", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-05-22T20:29:01.747", "references": [{"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740", "tags": ["Exploit", "Third Party Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus"}, {"lang": "es", "value": "CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar la divulgaci\u00f3n de informaci\u00f3n SNMP cuando se leen archivos desde el controlador sobre protocolo Modbus."}], "lastModified": "2024-11-21T04:12:52.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}