An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105182 | Third Party Advisory VDB Entry |
https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/ | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/105182 | Third Party Advisory VDB Entry |
https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/ | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/105182 - Third Party Advisory, VDB Entry | |
References | () https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/ - Mitigation, Vendor Advisory |
Information
Published : 2018-08-29 21:29
Updated : 2024-11-21 04:12
NVD link : CVE-2018-7790
Mitre link : CVE-2018-7790
CVE.ORG link : CVE-2018-7790
JSON object : View
Products Affected
schneider-electric
- modicon_m221_firmware
- modicon_m221
CWE
CWE-294
Authentication Bypass by Capture-replay