CVE-2018-7811
Published 2018-11-30
Priority P267 · critical · CVSS 3.0 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.50% (87.7th percentile)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200, which could allow an unauthenticated remote user to access the change password function of the web server.
Detection & IOCs (extracted from sources)
url: http://[ip]/unsecure/embedded/builtin?Language=English&user=admin&passwd=evilpass&cnfpasswd=evilpass&subhttppwd=Save+User
bytes: \x00\xa8\x00\x00\x00\x05\x00\x5a\x00\x07\x00
- Detect HTTP GET requests to /unsecure/embedded/builtin that carry password-change parameters (passwd=, cnfpasswd=, subhttppwd=Save+User) without prior authentication; this is the CVE-2018-7811 attack vector.
- Monitor for HTTP GET requests to /secure/embedded/builtin with password-change query parameters (passwd=, cnfpasswd=, subhttppwd=Save+User). The request carries no anti-CSRF token and does not require the current password, so CSRF exploitation (CVE-2018-7831) is detectable by this pattern.
- Alert on Modbus TCP traffic to port 502 on Modicon devices containing the byte sequence \x00\xa8\x00\x00\x00\x05\x00\x5a\x00\x07\x00, which triggers a complete shutdown of the Ethernet module.
- Flag use of known default credentials on Modicon FTP services: sysdiag/factorycast@schneider, fdrusers/sresurdf, fwupgrade/FaAmU5p2F~, loki/ZfTljublsx.
- The unauthenticated password-change endpoint (/unsecure/embedded/builtin) is distinct from the authenticated endpoint (/secure/embedded/builtin); detection rules must cover both paths to catch both unauthenticated (CVE-2018-7811) and CSRF-based (CVE-2018-7831) attack scenarios.
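An added example (not taken from the sources listed on this page) of the two HTTP rules above: it scans access-log lines for password-change requests to either endpoint and labels each hit with the matching CVE. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoints and parameter names come from the detection notes above.
ENDPOINTS = {
    "/unsecure/embedded/builtin": "CVE-2018-7811",  # reachable without login
    "/secure/embedded/builtin": "CVE-2018-7831",    # authenticated path, CSRF
}
PASSWORD_PARAMS = {"passwd", "cnfpasswd", "subhttppwd"}

# Assumption: Common Log Format lines from a proxy or sensor in front of the PLC.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def classify(line):
    """Return a finding dict for a password-change GET request, else None."""
    m = REQUEST_RE.match(line)
    if not m or m["method"] != "GET":  # the notes above describe GET requests
        return None
    raw_path, _, query = m["target"].partition("?")
    # Normalise percent-encoding, repeated slashes, trailing slash and case so
    # trivially re-encoded paths still match (case folding is a conservative
    # assumption, not documented device behaviour).
    path = re.sub(r"/+", "/", unquote(raw_path)).rstrip("/").lower()
    cve = ENDPOINTS.get(path)
    if cve is None:
        return None
    params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    hits = sorted(params & PASSWORD_PARAMS)
    if not hits:
        return None
    return {"src": m["src"], "cve": cve, "path": path, "params": hits}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses, placeholder values).
_TS = "- - [27/Nov/2018:10:00:00 +0000]"
_PW = "passwd=X&cnfpasswd=X"
SAMPLE_LOG = [
    f'192.0.2.10 {_TS} "GET /unsecure/embedded/builtin?user=admin&{_PW}&subhttppwd=Save+User HTTP/1.1" 200 512',
    f'192.0.2.11 {_TS} "GET /secure/embedded/builtin?user=admin&{_PW}&subhttppwd=Save+User HTTP/1.1" 200 512',
    f'192.0.2.12 {_TS} "GET //unsecure/embedded/%62uiltin/?{_PW} HTTP/1.1" 200 512',
    f'192.0.2.13 {_TS} "GET /secure/embedded/builtin?Language=English HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the authenticated path a hit is not proof of CSRF by itself; correlate it with the `Referer` header or the operator's change records before escalating.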
CVSS provenance
NVD, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
No detection rules found.
No public exploits indexed.
Tenable
Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon Quantum PLC
blogs_tenable·2018-11-27
# Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon Quantum PLC
Tenable Research
November 27, 2018
Tenable Research discovered multiple vulnerabilities in Schneider’s Modicon Quantum programmable logic controller. Schneider has recommended mitigations for impacted end users.
### Background
While examining a Schneider Modicon Quantum programmable logic controller (PLC), Tenable Research discovered several vulnerabilities.
The Modicon Quantum is used for complex process control, safety and infrastructure in industrial settings like manufacturing. Industrial control systems typically include a computer called a programmable logic controller (PLC). PLCs connect directly to instruments, for example valve and pump actuators a
Tenable
[R1] Multiple Schneider Electric Modicon Quantum Vulnerabilities
blogs_tenable·2018-11-26
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
arXiv
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
arxiv_fulltext·2021-11-27
Simon Daniel Duque Anton,
Daniel Fraunholz,
Daniel Krohmer,
Daniel Reti,
Daniel Schneider,
and Hans Dieter Schotten
This is a pre-print of a paper published in the IEEE Internet of Things Journal.
Please cite as: SD Duque Anton, D Fraunholz, D Krohmer, D Reti, D Schneider, and HD Schotten: The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World, IEEE Internet of Things Journal, May 2021.
S. D. Duque Anton was with the German Research Center for Artificial Intelligence. He is now with the comlet Verteilte Systeme GmbH and with the University of Kaiserslautern.
D. Reti, D. Schneider and H. D. Schotten are with the G
https://security.cse.iitk.ac.in/responsible-disclosure
https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/
https://www.tenable.com/security/research/tra-2018-38