检测
分析学
Schneider电模溢出量,MQONUM340和MDICONBXNOR0200Stack基础缓冲溢出量(CVE-2018-7240
高位可租OT安全插件ID501218
简表
远程OT资产受脆弱性影响描述性
Schneider电机量子机所有版本通信模块都存在漏洞,允许任意代码执行FTP命令用于升级模块固件可被误用为拒绝服务或极端加载恶意固件插件只对Tenable.ot工作
网站s/www.yyueer.com/products/tenable-ot获取更多信息
求解
下文原由网络安全基础设施安全局创建原创可见于CISA.govSchneider电商建议用户遵守Medicon控制器平台-网络安全参考手册概述安全安装MediconPLCs
Schneider电气还建议受影响的用户在不需要维护或配置活动时禁止设备fTP服务
详情见Schneider电厂安全通知SEVD-2018-081-01
https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/
并见
http://www.securityfocus.com/bid/103541
插件细节
严重性 :高位
身份证 :501218
版本化 :1.2
类型 :远程
家庭问题 :可调用.ot
发布 :6/29/2023
更新 :7/24/2023
风险信息
VPR
风险因子 :中度
分数 :5点9分
CVSS v2
风险因子 :中度
基础评分 :6.5
时间评分 :4.8
向量 :CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS评分源 :CVE2018-7240
CVSSv3
风险因子 :高位
基础评分 :8.8
时间评分 :7.7
向量 :CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间向量 :CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE系统 :cpe:/o:schneider-electric:140cpu31110_firmware:-,cpe:/o:schneider-electric:140cpu31110c_firmware:-,cpe:/o:schneider-electric:140cpu43412u_firmware:-,cpe:/o:schneider-electric:140cpu43412uc_firmware:-,cpe:/o:schneider-electric:140cpu65150_firmware:-,cpe:/o:schneider-electric:140cpu65150c_firmware:-,cpe:/o:schneider-electric:140cpu65160_firmware:-,cpe:/o:schneider-electric:140cpu65160c_firmware:-,cpe:/o:schneider-electric:140cpu65160s_firmware:-,cpe:/o:schneider-electric:140cpu65260_firmware:-,cpe:/o:schneider-electric:140cpu65260c_firmware:-,cpe:/o:schneider-electric:140cpu65860_firmware:-,cpe:/o:schneider-electric:140cpu65860c_firmware:-,cpe:/o:schneider-electric:bmxnor0200_firmware:-,cpe:/o:schneider-electric:bmxnor0200h_firmware:-,cpe:/o:schneider-electric:bmxp341000_firmware:-,cpe:/o:schneider-electric:bmxp341000h_firmware:-,cpe:/o:schneider-electric:bmxp342000_firmware:-,cpe:/o:schneider-electric:bmxp3420102_firmware:-,cpe:/o:schneider-electric:bmxp3420102cl_firmware:-,cpe:/o:schneider-electric:bmxp342020_firmware:-,cpe:/o:schneider-electric:bmxp342020h_firmware:-,cpe:/o:schneider-electric:bmxp3420302_firmware:-,cpe:/o:schneider-electric:bmxp3420302cl_firmware:-,cpe:/o:schneider-electric:bmxp3420302h_firmware:-,cpe:/o:schneider-electric:tsxh5724m_firmware:-,cpe:/o:schneider-electric:tsxh5724mc_firmware:-,cpe:/o:schneider-electric:tsxh5744m_firmware:-,cpe:/o:schneider-electric:tsxh5744mc_firmware:-,cpe:/o:schneider-electric:tsxp57104m_firmware:-,cpe:/o:schneider-electric:tsxp57104mc_firmware:-,cpe:/o:schneider-electric:tsxp57154m_firmware:-,cpe:/o:schneider-electric:tsxp57154mc_firmware:-,cpe:/o:schneider-electric:tsxp571634m_firmware:-,cpe:/o:schneider-electric:tsxp571634mc_firmware:-,cpe:/o:schneider-electric:tsxp57204m_firmware:-,cpe:/o:schneider-electric:tsxp57204mc_firmware:-,cpe:/o:schneider-electric:tsxp57254m_firmware:-,cpe:/o:schneider-electric:tsxp57254mc_firmware:-,cpe:/o:schneider-electric:tsxp572634m_firmware:-,cpe:/o:schneider-electric:tsxp572634mc_firmware:-,cpe:/o:schneider-electric:tsxp57304m_firmware:-,cpe:/o:schneider-electric:tsxp57304mc_firmware:-,cpe:/o:schneider-electric:tsxp57354m_firmware:-,cpe:/o:schneider-electric:tsxp57354mc_firmware:-,cpe:/o:schneider-electric:tsxp573634m_firmware:-,cpe:/o:schneider-electric:tsxp573634mc_firmware:-,cpe:/o:schneider-electric:tsxp57454m_firmware:-,cpe:/o:schneider-electric:tsxp57454mc_firmware:-,cpe:/o:schneider-electric:tsxp574634m_firmware:-,cpe:/o:schneider-electric:tsxp574634mc_firmware:-,cpe:/o:schneider-electric:tsxp57554m_firmware:-,cpe:/o:schneider-electric:tsxp57554mc_firmware:-,cpe:/o:schneider-electric:tsxp575634m_firmware:-,cpe:/o:schneider-electric:tsxp575634mc_firmware:-,cpe:/o:schneider-electric:tsxp576634m_firmware:-,cpe:/o:schneider-electric:tsxp576634mc_firmware:-
需要kb项 :Tenable.ot/Schneider
开发易斯 :无已知利用
补丁发布日期 :4/18/2018
漏洞发布日期 :4/18/2018
参考信息
CVE系统 :CVE2018-7240
CWE系统 :787