Exploit
CVE-2018-7830

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (CWE-113)

Published: Nov 30, 2018 / Updated: 71mo ago

No CVSS yet / EPSS 0.37%

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers of all Modicon M340, Premium, Quantum PLCs and BMXNOR0200, where a denial of service lasting ~1 minute can be caused by sending a specially crafted HTTP request.

Timeline

First Article

Feedly found the first article mentioning CVE-2018-7830.

Nov 27, 2018 at 4:08 PM / www.inoreader.com

EPSS

EPSS Score was set to: 0.37% (Percentile: 69.3%)

Oct 23, 2023 at 11:14 PM

Affected Systems

Schneider-electric/modicom_m340_firmware

Exploits

https://www.tenable.com/security/research/tra-2018-38

Patches

www.schneider-electric.com

Attack Patterns

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
