Attacker Value
Unknown
0
CVE-2018-7759
0
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
MITRE ATT&CK
Select the MITRE ATT&CK Tactics that apply to this CVE
Collection
Select any Techniques used:
Command and Control
Select any Techniques used:
Credential Access
Select any Techniques used:
Defense Evasion
Select any Techniques used:
Discovery
Select any Techniques used:
Execution
Select any Techniques used:
Exfiltration
Select any Techniques used:
Impact
Select any Techniques used:
Initial Access
Select any Techniques used:
Lateral Movement
Select any Techniques used:
Persistence
Select any Techniques used:
Privilege Escalation
Select any Techniques used:
Topic Tags
Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)
What makes this of high-value to an attacker?
What makes this of low-value to an attacker?
Description
A buffer overflow vulnerability exists in Schneider Electric’s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200 All Modicon M340, Premium, Quantum PLCs and BMXNOR0200
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Vendors
Products
- 140cpu31110 firmware -,
- 140cpu31110c firmware -,
- 140cpu43412u firmware -,
- 140cpu43412uc firmware -,
- 140cpu65150 firmware -,
- 140cpu65150c firmware -,
- 140cpu65160 firmware -,
- 140cpu65160c firmware -,
- 140cpu65160s firmware -,
- 140cpu65260 firmware -,
- 140cpu65260c firmware -,
- 140cpu65860 firmware -,
- 140cpu65860c firmware -,
- bmxnor0200 firmware -,
- bmxnor0200h firmware -,
- modicon m340 bmxp341000 firmware -,
- modicon m340 bmxp341000h firmware -,
- modicon m340 bmxp342000 firmware -,
- modicon m340 bmxp3420102 firmware -,
- modicon m340 bmxp3420102cl firmware -,
- modicon m340 bmxp342020 firmware -,
- modicon m340 bmxp342020h firmware -,
- modicon m340 bmxp3420302 firmware -,
- modicon m340 bmxp3420302cl firmware -,
- modicon m340 bmxp3420302h firmware -,
- tsxh5724m firmware -,
- tsxh5724mc firmware -,
- tsxh5744m firmware -,
- tsxh5744mc firmware -,
- tsxp57104m firmware -,
- tsxp57104mc firmware -,
- tsxp57154m firmware -,
- tsxp57154mc firmware -,
- tsxp571634m firmware -,
- tsxp571634mc firmware -,
- tsxp57204m firmware -,
- tsxp57204mc firmware -,
- tsxp57254m firmware -,
- tsxp57254mc firmware -,
- tsxp572634m firmware -,
- tsxp572634mc firmware -,
- tsxp57304m firmware -,
- tsxp57304mc firmware -,
- tsxp57354m firmware -,
- tsxp57354mc firmware -,
- tsxp573634m firmware -,
- tsxp573634mc firmware -,
- tsxp57454m firmware -,
- tsxp57454mc firmware -,
- tsxp574634m firmware -,
- tsxp574634mc firmware -,
- tsxp57554m firmware -,
- tsxp57554mc firmware -,
- tsxp575634m firmware -,
- tsxp575634mc firmware -,
- tsxp576634m firmware -,
- tsxp576634mc firmware -
References
Additional Info
Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Rapid7
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
