Detections
Analytics
Schneider Electric Modicon Multiple Controllers URL Redirection
medium Nessus Network Monitor Plugin ID 720243
Synopsis
A URL Redirection to Untrusted Site vulnerability exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.Description
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01
Plugin Details
Severity: Medium
ID: 720243
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 12/17/2018
Vulnerability Publication Date: 12/17/2018
Reference Information
CVE: CVE-2018-7804