VAR-201804-1334
Vulnerability from variot - Updated: 2024-11-23 23:05A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number. plural Schneider Electric Product Contains a session expiration vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric MiCOM Px4x, MiCOM P540D Range and MiCOM Px4x Rejuvenated are relay products of French Schneider Electric (Schneider Electric). Attackers can exploit this vulnerability to disable network communication for users. The following products and versions are affected: Schneider Electric MiCOM P14x version 46, all D6 versions except MiCOM P44x D6(E), MiCOM P64x, MiCOM P849 (MiCOM Px4x); MiCOM P445 version 35, version 36, version 37, version E0 , F0 version, F1 version, F2 version, MiCOM P443Version 54, Version 55, Version 57, Version B0, Version D0, Version D1, Version D2, P446 Version 54, Version 55, Version 57, Version B0, Version D0, Version D1, Version D2, MiCOM P543 to P546 44 Version, Version 54, Version 45, Version 55, Version 47, Version 57, Version A0, Version B0, Version C0, Version DO, Version D1, Version D2, MiCOM P841A Version 44, Version 45, Version 47, Version A0 , C0() version, C1 version, C2 version, MiCOM P841B 54 version, 55 version, 57 version, B0 version, D0*) version, D1 version, D2 (MiCOM P540D Range); MiCOM P443 H4 version, MiCOM P445 H4 version, MiCOM P446 H4 version, MiCOM All P54x H4 version, MiCOM P841A H4 version, MiCOM P841B H4 version, other versions except MiCOM P14x B2(B), MiCOM P44x, MiCOM P64x, MiCOM P746, MiCOM P849 (MiCOM Px4x Rejuvenated )
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micom p142",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p145",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p746",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p643",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p849",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p645",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p141",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p841a",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p642",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p143",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p545",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p542",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p546",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p841b",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p544",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p444",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p443",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p441",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p543",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p541",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p442",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p445",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p446",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p141",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p441",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p541",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p642",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom p841a",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:micom_p141_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:micom_p441_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:micom_p541_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:micom_p642_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:micom_p841a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
}
]
},
"cve": "CVE-2018-7758",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-7758",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-137790",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7758",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7758",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7758",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-826",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-137790",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in Schneider Electric\u0027s MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number. plural Schneider Electric Product Contains a session expiration vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric MiCOM Px4x, MiCOM P540D Range and MiCOM Px4x Rejuvenated are relay products of French Schneider Electric (Schneider Electric). Attackers can exploit this vulnerability to disable network communication for users. The following products and versions are affected: Schneider Electric MiCOM P14x version 46, all D6 versions except MiCOM P44x D6(E), MiCOM P64x, MiCOM P849 (MiCOM Px4x); MiCOM P445 version 35, version 36, version 37, version E0 , F0* version, F1 version, F2 version, MiCOM P443Version 54, Version 55, Version 57, Version B0, Version D0*, Version D1, Version D2, P446 Version 54, Version 55, Version 57, Version B0, Version D0*, Version D1, Version D2, MiCOM P543 to P546 44 Version, Version 54, Version 45, Version 55, Version 47, Version 57, Version A0, Version B0, Version C0*, Version DO*, Version D1, Version D2, MiCOM P841A Version 44, Version 45, Version 47, Version A0 , C0(*) version, C1 version, C2 version, MiCOM P841B 54 version, 55 version, 57 version, B0 version, D0*) version, D1 version, D2 (MiCOM P540D Range); MiCOM P443 H4 version, MiCOM P445 H4 version, MiCOM P446 H4 version, MiCOM All P54x H4 version, MiCOM P841A H4 version, MiCOM P841B H4 version, other versions except MiCOM P14x B2(B), MiCOM P44x, MiCOM P64x, MiCOM P746, MiCOM P849 (MiCOM Px4x Rejuvenated )",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7758"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "VULHUB",
"id": "VHN-137790"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7758",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-074-03",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-074-02",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-074-04",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137790",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"id": "VAR-201804-1334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137790"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:05:08.115000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-074-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/"
},
{
"title": "SEVD-2018-074-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/"
},
{
"title": "SEVD-2018-074-04",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/"
},
{
"title": "Schneider Electric MiCOM Px4x , MiCOM P540D Range and MiCOM Px4x Rejuvenated Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80187"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-074-02/"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-074-03/"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-074-04/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7758"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7758"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137790"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"date": "2018-04-18T20:29:00.623000",
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-137790"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004488"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-826"
},
{
"date": "2024-11-21T04:12:40.817000",
"db": "NVD",
"id": "CVE-2018-7758"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerability related to session expiration in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-826"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…