Vulnerability Description
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M221 Firmware | < 1.6.2.0 |
| Schneider-Electric | Modicon M221 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105182Third Party AdvisoryVDB Entry
- https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/MitigationVendor Advisory
- http://www.securityfocus.com/bid/105182Third Party AdvisoryVDB Entry
- https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/MitigationVendor Advisory
FAQ
What is CVE-2018-7790?
CVE-2018-7790 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users...
How severe is CVE-2018-7790?
CVE-2018-7790 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7790?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M221 Firmware, Schneider-Electric Modicon M221.