CVE-2018-7790

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:12

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/105182 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105182 - Third Party Advisory, VDB Entry
References () https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/ - Mitigation, Vendor Advisory () https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/ - Mitigation, Vendor Advisory

Information

Published : 2018-08-29 21:29

Updated : 2024-11-21 04:12


NVD link : CVE-2018-7790

Mitre link : CVE-2018-7790

CVE.ORG link : CVE-2018-7790


JSON object : View

Products Affected

schneider-electric

  • modicon_m221_firmware
  • modicon_m221
CWE
CWE-294

Authentication Bypass by Capture-replay