CVE-2018-7830
CVE
High

CVSS: 7.5 (High)
EPSS: 0.02 · p82
Published: 2018-01-01
Updated: 2018-01-01
Description

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

Tags · CWE
Pre-auth
CWE-113
CAPEC-31
CAPEC-34
CAPEC-85
CAPEC-105
Affected products
Modicom_bmxnor0200h_firmware
Modicom_m340_firmware
Modicom_premium_firmware
Modicom_quantum_firmware
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
Published: 2018-01-01
Updated: 2018-01-01
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): None (N)
Integrity Impact (I): None (N)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.024 · p82
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-31 · CWE-113
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
modicom_bmxnor0200h_firmware | * | Tracked
modicom_m340_firmware | * | Tracked
modicom_premium_firmware | * | Tracked
modicom_quantum_firmware | * | Tracked
Source databases
CVE