{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T09:49:42.869","vulnerabilities":[{"cve":{"id":"CVE-2018-7831","sourceIdentifier":"cybersecurity@se.com","published":"2018-11-30T19:29:00.593","lastModified":"2024-11-21T04:12:50.497","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server."},{"lang":"es","value":"Existe una vulnerabilidad de neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (XSS básico) en los servidores web embebidos en todos los productos Modicon M340, Premium, Quantum PLCs y BMXNOR0200, lo que podría permitir que un atacante envíe una URL especialmente manipulada a un usuario autenticado del servidor web para que ejecute un cambio de contraseña en el servidor web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"A53C0B78-6556-44B7-9546-75F48EDD87CB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"7F3D3249-CD51-496E-AB39-79D53EB318F8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"AA79EF8E-C525-4CCB-AC21-F7493FA55BF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_premium:-:*:*:*:*:*:*:*","matchCriteriaId":"9F3ED1E3-2D3F-4ACD-84C9-FD282C4845D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"62BAE494-82C9-4CC7-8149-37DD1ADA10F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_quantum:-:*:*:*:*:*:*:*","matchCriteriaId":"DC2867F0-53B1-465E-A413-6EFE4ED0FFC4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D99FE33D-BBA0-40B7-B79C-E276BF8353FB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*","matchCriteriaId":"8C420C7F-5B35-4775-8775-241FDD0B759C"}]}]}],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2018-38","source":"cybersecurity@se.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2018-38","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}