cvedb.io
CVE-2018-7809
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-11-30T19:29:00.437 · Last modified 2026-06-17T02:03:46.450

Summary

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

Affected products

schneider-electric — modicom_m340_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when schneider-electric ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.