CRITICAL · 9.8

CVE-2018-7791

Vulnerability Description

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their own password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC.

CVSS Score

9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Schneider-Electric | Modicon M221 Firmware | < 1.6.2.0
Schneider-Electric | Modicon M221 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-7791?

CVE-2018-7791 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unau...

How severe is CVE-2018-7791?

CVE-2018-7791 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-7791?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M221 Firmware, Schneider-Electric Modicon M221.