CVEs-PoC/2018/CVE-2018-7812.md

### [CVE-2018-7812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7812)
![](https://img.shields.io/static/v1?label=Product&message=Embedded%20Web%20Servers%20in%20all%20Modicon%20M340%2C%20Premium%2C%20Quantum%20PLCs%20and%20BMXNOR0200&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Exposure%20Through%20Discrepancy&color=brighgreen)

### Description

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

### POC

#### Reference
- https://github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-7812

#### Github
- https://github.com/SadFud/Exploits