{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:51:40.944","vulnerabilities":[{"cve":{"id":"CVE-2018-7811","sourceIdentifier":"cybersecurity@se.com","published":"2018-11-30T19:29:00.500","lastModified":"2024-11-21T04:12:46.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server"},{"lang":"es","value":"Existe un cambio de contraseña sin verificar en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podría permitir que un usuario remoto no autenticado acceda a la función de cambio de contraseñas del servidor web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"A53C0B78-6556-44B7-9546-75F48EDD87CB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"7F3D3249-CD51-496E-AB39-79D53EB318F8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"AA79EF8E-C525-4CCB-AC21-F7493FA55BF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*","matchCriteriaId":"8BAD47C7-A8D1-44B3-9917-D5285E63F3B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"62BAE494-82C9-4CC7-8149-37DD1ADA10F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*","matchCriteriaId":"1B17B062-016A-45C2-A640-C8FD31E6E05F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D99FE33D-BBA0-40B7-B79C-E276BF8353FB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*","matchCriteriaId":"8C420C7F-5B35-4775-8775-241FDD0B759C"}]}]}],"references":[{"url":"https://security.cse.iitk.ac.in/responsible-disclosure","source":"cybersecurity@se.com"},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2018-38","source":"cybersecurity@se.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.cse.iitk.ac.in/responsible-disclosure","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2018-38","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}