CVE-2018-7810

Summary

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SEEmbedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200affected

Weaknesses

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References