检测
分析学
Schneider电机预科全科全科全科M340和MBXNOR0200
关键值可租OT安全插件ID501216
简表
远程OT资产受脆弱性影响描述性
脆弱hash算法存在于Schneider电机预科、MediconQuantum、M340和BMXNOR0200控制器所有版本通信模块中算法加密密码易受hash碰撞攻击插件只对Tenable.ot工作
网站s/www.yyueer.com/products/tenable-ot获取更多信息
求解
下文原由网络安全基础设施安全局创建原创可见于CISA.govSchneider电商建议用户遵守Medicon控制器平台-网络安全参考手册概述安全安装MediconPLCs
Schneider电气还建议受影响的用户在不需要维护或配置活动时禁止设备fTP服务
详情见Schneider电厂安全通知SEVD-2018-081-01
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
并见
http://www.securityfocus.com/bid/103543
插件细节
严重性 :临界点
身份证 :501216
版本化 :1.3
类型 :远程
家庭问题 :可调用.ot
发布 :6/29/2023
更新 :11/62023
风险信息
VPR
风险因子 :中度
分数 :5点9分
CVSS v2
风险因子 :中度
基础评分 :5
时间评分 :3.7
向量 :CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS评分源 :CVE-2018-7242
CVSSv3
风险因子 :临界点
基础评分 :九点八
时间评分 :8.5
向量 :CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间向量 :CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE系统 :cpe:/o:schneider-electric:140cpu31110_firmware:-,cpe:/o:schneider-electric:140cpu31110c_firmware:-,cpe:/o:schneider-electric:140cpu43412u_firmware:-,cpe:/o:schneider-electric:140cpu43412uc_firmware:-,cpe:/o:schneider-electric:140cpu65150_firmware:-,cpe:/o:schneider-electric:140cpu65150c_firmware:-,cpe:/o:schneider-electric:140cpu65160_firmware:-,cpe:/o:schneider-electric:140cpu65160c_firmware:-,cpe:/o:schneider-electric:140cpu65160s_firmware:-,cpe:/o:schneider-electric:140cpu65260_firmware:-,cpe:/o:schneider-electric:140cpu65260c_firmware:-,cpe:/o:schneider-electric:140cpu65860_firmware:-,cpe:/o:schneider-electric:140cpu65860c_firmware:-,cpe:/o:schneider-electric:bmxnor0200_firmware:-,cpe:/o:schneider-electric:bmxnor0200h_firmware:-,cpe:/o:schneider-electric:bmxp341000_firmware:-,cpe:/o:schneider-electric:bmxp341000h_firmware:-,cpe:/o:schneider-electric:bmxp342000_firmware:-,cpe:/o:schneider-electric:bmxp3420102_firmware:-,cpe:/o:schneider-electric:bmxp3420102cl_firmware:-,cpe:/o:schneider-electric:bmxp342020_firmware:-,cpe:/o:schneider-electric:bmxp342020h_firmware:-,cpe:/o:schneider-electric:bmxp3420302_firmware:-,cpe:/o:schneider-electric:bmxp3420302cl_firmware:-,cpe:/o:schneider-electric:bmxp3420302h_firmware:-,cpe:/o:schneider-electric:tsxh5724m_firmware:-,cpe:/o:schneider-electric:tsxh5724mc_firmware:-,cpe:/o:schneider-electric:tsxh5744m_firmware:-,cpe:/o:schneider-electric:tsxh5744mc_firmware:-,cpe:/o:schneider-electric:tsxp57104m_firmware:-,cpe:/o:schneider-electric:tsxp57104mc_firmware:-,cpe:/o:schneider-electric:tsxp57154m_firmware:-,cpe:/o:schneider-electric:tsxp57154mc_firmware:-,cpe:/o:schneider-electric:tsxp571634m_firmware:-,cpe:/o:schneider-electric:tsxp571634mc_firmware:-,cpe:/o:schneider-electric:tsxp57204m_firmware:-,cpe:/o:schneider-electric:tsxp57204mc_firmware:-,cpe:/o:schneider-electric:tsxp57254m_firmware:-,cpe:/o:schneider-electric:tsxp57254mc_firmware:-,cpe:/o:schneider-electric:tsxp572634m_firmware:-,cpe:/o:schneider-electric:tsxp572634mc_firmware:-,cpe:/o:schneider-electric:tsxp57304m_firmware:-,cpe:/o:schneider-electric:tsxp57304mc_firmware:-,cpe:/o:schneider-electric:tsxp57354m_firmware:-,cpe:/o:schneider-electric:tsxp57354mc_firmware:-,cpe:/o:schneider-electric:tsxp573634m_firmware:-,cpe:/o:schneider-electric:tsxp573634mc_firmware:-,cpe:/o:schneider-electric:tsxp57454m_firmware:-,cpe:/o:schneider-electric:tsxp57454mc_firmware:-,cpe:/o:schneider-electric:tsxp574634m_firmware:-,cpe:/o:schneider-electric:tsxp574634mc_firmware:-,cpe:/o:schneider-electric:tsxp57554m_firmware:-,cpe:/o:schneider-electric:tsxp57554mc_firmware:-,cpe:/o:schneider-electric:tsxp575634m_firmware:-,cpe:/o:schneider-electric:tsxp575634mc_firmware:-,cpe:/o:schneider-electric:tsxp576634m_firmware:-,cpe:/o:schneider-electric:tsxp576634mc_firmware:-
需要kb项 :Tenable.ot/Schneider
开发易斯 :无已知利用
补丁发布日期 :4/18/2018
漏洞发布日期 :4/18/2018
参考信息
CVE系统 :CVE-2018-7242
CWE系统 :326