BDU:2019-02045CriticalConfirmedExploit available
BDU
BDU
Data Bank of Information Security Threats
BDU ФСТЭК is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 ч
License
Открытые данные
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Приказ №17, Приказ №21).
https://bdu.fstec.ru →Share link
Anyone with the link can open this vulnerability.
Уязвимость микропрограммного обеспечения программируемого логического контроллера Modicon связана с нарушением доверительных границ при под…
CVSS
9.8
Critical
EPSS
0.00
p0
Published
2019-01-01
Updated
2019-01-01
Description
Уязвимость микропрограммного обеспечения программируемого логического контроллера Modicon связана с нарушением доверительных границ при подключении. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществить несанкционированный доступ путем проведения атаки «грубой силы» по протоколу Modbus
Tags · CWE
Pre-auth
Affected products
Schneider electric Modicon m340Schneider electric Modicon m580Schneider electric Modicon premiumSchneider electric Modicon quantum
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
CVE-2018-7846
github-poc · https://github.com/yanissec/CVE-2018-7846
Affected products
| Product | Vendor | Status |
|---|---|---|
| modicon m340 | schneider electric | Tracked |
| modicon m580 | schneider electric | Tracked |
| modicon premium | schneider electric | Tracked |
| modicon quantum | schneider electric | Tracked |
Source databases
BDU
BDU
Data Bank of Information Security Threats
BDU ФСТЭК is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 ч
License
Открытые данные
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Приказ №17, Приказ №21).
https://bdu.fstec.ru →Related vulnerabilities