Vulnerabilites related to Schneider Electric SE - Modicon M221, all references, all versions prior to firmware V1.6.2.0
CVE-2018-7790 (GCVE-0-2018-7790)
Vulnerability from cvelistv5
Published
2018-08-29 21:00
Modified
2024-09-16 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Management Error
Summary
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
Version: Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Management Error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-31T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "105182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-7790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"version": {
"version_data": [
{
"version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Management Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105182"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7790",
"datePublished": "2018-08-29T21:00:00Z",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-09-16T19:52:22.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7791 (GCVE-0-2018-7791)
Vulnerability from cvelistv5
Published
2018-08-29 21:00
Modified
2024-09-17 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Permissions, Privileges, and Access Control
Summary
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
Version: Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permissions, Privileges, and Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-31T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "105182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-7791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"version": {
"version_data": [
{
"version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permissions, Privileges, and Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105182"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7791",
"datePublished": "2018-08-29T21:00:00Z",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-09-17T04:03:55.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7789 (GCVE-0-2018-7789)
Vulnerability from cvelistv5
Published
2018-08-29 20:00
Modified
2024-09-16 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
Version: Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
},
{
"name": "105171",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
],
"datePublic": "2018-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-30T19:57:02",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
},
{
"name": "105171",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-08-21T00:00:00",
"ID": "CVE-2018-7789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"version": {
"version_data": [
{
"version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
},
{
"name": "105171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7789",
"datePublished": "2018-08-29T20:00:00Z",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-09-16T19:46:43.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7792 (GCVE-0-2018-7792)
Vulnerability from cvelistv5
Published
2018-08-29 21:00
Modified
2024-09-17 01:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Permissions, Privileges, and Access Control
Summary
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
Version: Modicon M221, all references, all versions prior to firmware V1.6.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permissions, Privileges, and Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-31T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "105182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-7792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"version": {
"version_data": [
{
"version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permissions, Privileges, and Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105182"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7792",
"datePublished": "2018-08-29T21:00:00Z",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-09-17T01:15:41.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}