CVE-2018-7758

EPSS 0.13%
Veröffentlicht 18.04.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 04:12:40
Quelle cybersecurity@se.com
Teams Watchlist Login
Unerledigt Login

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Micom P141 Firmware Version-

Schneider-electric ≫ Micom P141 Version-

Schneider-electric ≫ Micom P142 Firmware Version-

Schneider-electric ≫ Micom P142 Version-

Schneider-electric ≫ Micom P143 Firmware Version-

Schneider-electric ≫ Micom P143 Version-

Schneider-electric ≫ Micom P145 Firmware Version-

Schneider-electric ≫ Micom P145 Version-

Schneider-electric ≫ Micom P642 Firmware Version-

Schneider-electric ≫ Micom P642 Version-

Schneider-electric ≫ Micom P643 Firmware Version-

Schneider-electric ≫ Micom P643 Version-

Schneider-electric ≫ Micom P645 Firmware Version-

Schneider-electric ≫ Micom P645 Version-

Schneider-electric ≫ Micom P849 Firmware Version-

Schneider-electric ≫ Micom P849 Version-

Schneider-electric ≫ Micom P746 Firmware Version-

Schneider-electric ≫ Micom P746 Version-

Schneider-electric ≫ Micom P841a Firmware Version-

Schneider-electric ≫ Micom P841a Version-

Schneider-electric ≫ Micom P841b Firmware Version-

Schneider-electric ≫ Micom P841b Version-

Schneider-electric ≫ Micom P443 Firmware Version-

Schneider-electric ≫ Micom P443 Version-

Schneider-electric ≫ Micom P445 Firmware Version-

Schneider-electric ≫ Micom P445 Version-

Schneider-electric ≫ Micom P446 Firmware Version-

Schneider-electric ≫ Micom P446 Version-

Schneider-electric ≫ Micom P441 Firmware Version-

Schneider-electric ≫ Micom P441 Version-

Schneider-electric ≫ Micom P442 Firmware Version-

Schneider-electric ≫ Micom P442 Version-

Schneider-electric ≫ Micom P444 Firmware Version-

Schneider-electric ≫ Micom P444 Version-

Schneider-electric ≫ Micom P541 Firmware Version-

Schneider-electric ≫ Micom P541 Version-

Schneider-electric ≫ Micom P542 Firmware Version-

Schneider-electric ≫ Micom P542 Version-

Schneider-electric ≫ Micom P543 Firmware Version-

Schneider-electric ≫ Micom P543 Version-

Schneider-electric ≫ Micom P544 Firmware Version-

Schneider-electric ≫ Micom P544 Version-

Schneider-electric ≫ Micom P545 Firmware Version-

Schneider-electric ≫ Micom P545 Version-

Schneider-electric ≫ Micom P546 Firmware Version-

Schneider-electric ≫ Micom P546 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.294

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7758

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7758

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7758

EUVD