BDU:2018-01159High
BDU
BDU
Data Bank of Information Security Threats
BDU ФСТЭК is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 ч
License
Открытые данные
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Приказ №17, Приказ №21).
https://bdu.fstec.ru →Share link
Anyone with the link can open this vulnerability.
Уязвимость микропрограммного обеспечения программируемого логического контроллера Schneider Electric Modicon Quantum связана с недостатками…
CVSS
8.8
High
EPSS
0.00
p0
Published
2018-01-01
Updated
2018-01-01
Description
Уязвимость микропрограммного обеспечения программируемого логического контроллера Schneider Electric Modicon Quantum связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код, вызвать отказ в обслуживании или загрузить вредоносную прошивку с помощью специальной FTP-команды, используемой для обновления прошивки
Affected products
Schneider electric 140cpu31110Schneider electric 140cpu31110cSchneider electric 140cpu43412uSchneider electric 140cpu43412ucSchneider electric 140cpu65150Schneider electric 140cpu65150cSchneider electric 140cpu65160Schneider electric 140cpu65160cSchneider electric 140cpu65160sSchneider electric 140cpu65260Schneider electric 140cpu65260cSchneider electric 140cpu65860Schneider electric 140cpu65860cSchneider electric Bmxnor0200Schneider electric Bmxnor0200hSchneider electric Bmxp341000Schneider electric Bmxp341000hSchneider electric Bmxp342000Schneider electric Bmxp3420102Schneider electric Bmxp3420102cl
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2018-01-01
Published
2018-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| 140cpu31110 | schneider electric | Tracked |
| 140cpu31110c | schneider electric | Tracked |
| 140cpu43412u | schneider electric | Tracked |
| 140cpu43412uc | schneider electric | Tracked |
| 140cpu65150 | schneider electric | Tracked |
| 140cpu65150c | schneider electric | Tracked |
| 140cpu65160 | schneider electric | Tracked |
| 140cpu65160c | schneider electric | Tracked |
| 140cpu65160s | schneider electric | Tracked |
| 140cpu65260 | schneider electric | Tracked |
| 140cpu65260c | schneider electric | Tracked |
| 140cpu65860 | schneider electric | Tracked |
| 140cpu65860c | schneider electric | Tracked |
| bmxnor0200 | schneider electric | Tracked |
| bmxnor0200h | schneider electric | Tracked |
| bmxp341000 | schneider electric | Tracked |
| bmxp341000h | schneider electric | Tracked |
| bmxp342000 | schneider electric | Tracked |
| bmxp3420102 | schneider electric | Tracked |
| bmxp3420102cl | schneider electric | Tracked |
Showing first 20 of 56
Source databases
BDU
BDU
Data Bank of Information Security Threats
BDU ФСТЭК is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 ч
License
Открытые данные
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Приказ №17, Приказ №21).
https://bdu.fstec.ru →Related vulnerabilities