cvelistv5 - cve-2018-7791

CVE-2018-7791 (GCVE-0-2018-7791)

Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2024-09-17 04:03

Summary

Severity ?

No CVSS data available.

CWE

Permissions, Privileges, and Access Control

Assigner

schneider

References

URL

Tags

	http://www.securityfocus.com/bid/105182	vdb-entryx_refsource_BID
	https://www.schneider-electric.com/en/download/do…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M221, all references, all versions prior to firmware V1.6.2.0	Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105182",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105182"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Permissions, Privileges, and Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-31T09:57:01",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "name": "105182",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105182"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "DATE_PUBLIC": "2018-08-22T00:00:00",
          "ID": "CVE-2018-7791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Permissions, Privileges, and Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105182",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7791",
    "datePublished": "2018-08-29T21:00:00Z",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-09-17T04:03:55.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.6.2.0\", \"matchCriteriaId\": \"55D26878-E5EB-4537-A252-34B3EBB758CC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB0D83F4-B718-47AB-AFB8-B576CB138AAC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de permisos, privilegios y control de acceso en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). La vulnerabilidad permite que usuarios no autorizados sobrescriban la contrase\\u00f1a original con su contrase\\u00f1a. Si un atacante explota la vulnerabilidad y sobrescribe la contrase\\u00f1a, el atacante puede subir el programa original desde el PLC.\"}]",
      "id": "CVE-2018-7791",
      "lastModified": "2024-11-21T04:12:44.530",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-08-29T21:29:01.180",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105182\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105182\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7791\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2018-08-29T21:29:01.180\",\"lastModified\":\"2024-11-21T04:12:44.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de permisos, privilegios y control de acceso en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). La vulnerabilidad permite que usuarios no autorizados sobrescriban la contrase\u00f1a original con su contrase\u00f1a. Si un atacante explota la vulnerabilidad y sobrescribe la contrase\u00f1a, el atacante puede subir el programa original desde el PLC.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.6.2.0\",\"matchCriteriaId\":\"55D26878-E5EB-4537-A252-34B3EBB758CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB0D83F4-B718-47AB-AFB8-B576CB138AAC\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105182\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-PPC6-Q8HW-556J

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7791"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-29T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.",
  "id": "GHSA-ppc6-q8hw-556j",
  "modified": "2022-05-13T01:04:03Z",
  "published": "2022-05-13T01:04:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7791"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-418

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modicon M221 versions antérieures à V1.6.2.0
Schneider Electric	N/A	PowerLogic PM5560 versions antérieures à 2.5.4
Schneider Electric	N/A	Clés USB fournies avec toutes les versions de Conext Battery Monitor (sku 865-1080-01)
Schneider Electric	N/A	Clés USB fournies avec toutes les versions de Conext Combox (sku 865-1058)

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Schneider Electric SEVD-2018-228-01 du 16 août 2018	None	vendor-advisory
Bulletin de sécurité SCADA Schneider Electric SEVD-2018-233-01 du 21 août 2018	None	vendor-advisory
Bulletin de sécurité SCADA Schneider Electric SEVD-2018-235-01 du 23 août 2018	None	vendor-advisory
Bulletin de sécurité SCADA Schneider Electric SESN-2018-236-01 du 24 août 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modicon M221 versions ant\u00e9rieures \u00e0 V1.6.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM5560 versions ant\u00e9rieures \u00e0 2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Cl\u00e9s USB fournies avec toutes les versions de Conext Battery Monitor (sku 865-1080-01)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Cl\u00e9s USB fournies avec toutes les versions de Conext Combox (sku 865-1058)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7790"
    },
    {
      "name": "CVE-2018-7789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7789"
    },
    {
      "name": "CVE-2018-7792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7792"
    },
    {
      "name": "CVE-2018-7795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7795"
    },
    {
      "name": "CVE-2018-7791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7791"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-418",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric . Certaines d\u0027entre elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-228-01 du 16 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-228-01-PowerLogic+PM5560.pdf\u0026p_Doc_Ref=SEVD-2018-228-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-233-01 du 21 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-233-01+Modicon+M221.pdf\u0026p_Doc_Ref=SEVD-2018-233-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-235-01 du 23 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-235-01-Modicon-M221.pdf\u0026p_Doc_Ref=SEVD-2018-235-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SESN-2018-236-01 du 24 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SESN-2018-236-01+Conext+USB+Malware.pdf\u0026p_Doc_Ref=SESN-2018-236-01"
    }
  ]
}

CERTFR-2018-AVI-418

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modicon M221 versions antérieures à V1.6.2.0
Schneider Electric	N/A	PowerLogic PM5560 versions antérieures à 2.5.4
Schneider Electric	N/A	Clés USB fournies avec toutes les versions de Conext Battery Monitor (sku 865-1080-01)
Schneider Electric	N/A	Clés USB fournies avec toutes les versions de Conext Combox (sku 865-1058)

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Schneider Electric SEVD-2018-228-01 du 16 août 2018	None	vendor-advisory
Bulletin de sécurité SCADA Schneider Electric SEVD-2018-233-01 du 21 août 2018	None	vendor-advisory
Bulletin de sécurité SCADA Schneider Electric SEVD-2018-235-01 du 23 août 2018	None	vendor-advisory
Bulletin de sécurité SCADA Schneider Electric SESN-2018-236-01 du 24 août 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modicon M221 versions ant\u00e9rieures \u00e0 V1.6.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM5560 versions ant\u00e9rieures \u00e0 2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Cl\u00e9s USB fournies avec toutes les versions de Conext Battery Monitor (sku 865-1080-01)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Cl\u00e9s USB fournies avec toutes les versions de Conext Combox (sku 865-1058)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7790"
    },
    {
      "name": "CVE-2018-7789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7789"
    },
    {
      "name": "CVE-2018-7792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7792"
    },
    {
      "name": "CVE-2018-7795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7795"
    },
    {
      "name": "CVE-2018-7791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7791"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-418",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric . Certaines d\u0027entre elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-228-01 du 16 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-228-01-PowerLogic+PM5560.pdf\u0026p_Doc_Ref=SEVD-2018-228-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-233-01 du 21 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-233-01+Modicon+M221.pdf\u0026p_Doc_Ref=SEVD-2018-233-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-235-01 du 23 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-235-01-Modicon-M221.pdf\u0026p_Doc_Ref=SEVD-2018-235-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SESN-2018-236-01 du 24 ao\u00fbt 2018",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SESN-2018-236-01+Conext+USB+Malware.pdf\u0026p_Doc_Ref=SESN-2018-236-01"
    }
  ]
}

FKIE_CVE-2018-7791

Vulnerability from fkie_nvd - Published: 2018-08-29 21:29 - Updated: 2024-11-21 04:12

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cybersecurity@se.com	http://www.securityfocus.com/bid/105182	Third Party Advisory, VDB Entry
cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105182	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	modicon_m221_firmware	*
	schneider-electric	modicon_m221	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D26878-E5EB-4537-A252-34B3EBB758CC",
              "versionEndExcluding": "1.6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0D83F4-B718-47AB-AFB8-B576CB138AAC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de permisos, privilegios y control de acceso en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). La vulnerabilidad permite que usuarios no autorizados sobrescriban la contrase\u00f1a original con su contrase\u00f1a. Si un atacante explota la vulnerabilidad y sobrescribe la contrase\u00f1a, el atacante puede subir el programa original desde el PLC."
    }
  ],
  "id": "CVE-2018-7791",
  "lastModified": "2024-11-21T04:12:44.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-29T21:29:01.180",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105182"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-18-240-01

Vulnerability from csaf_cisa - Published: 2018-08-28 00:00 - Updated: 2018-08-28 00:00

Summary

Schneider Electric Modicon M221

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities may allow unauthorized users to replay authentication sequences, overwrite passwords, or decode passwords.

Critical infrastructure sectors

Commercial Facilities

Countries/areas deployed

Worldwide

Company headquarters location

France

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Irfan Ahmed",
          "Hyunguk Yoo",
          "Sushma Kalle",
          "Nehal Ameen"
        ],
        "organization": "the University of New Orleans",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities may allow unauthorized users to replay authentication sequences, overwrite passwords, or decode passwords.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "France",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-240-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-240-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-240-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-240-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Schneider Electric Modicon M221",
    "tracking": {
      "current_release_date": "2018-08-28T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-240-01",
      "initial_release_date": "2018-08-28T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-08-28T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-240-01 Schneider Electric Modicon M221"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.6.2.0",
                "product": {
                  "name": "Modicon M221 all references: all versions prior to firmware v1.6.2.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon M221 all references"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-7790",
      "cwe": {
        "id": "CWE-204",
        "name": "Observable Response Discrepancy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability allows unauthorized users to replay authentication sequences.If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker may upload the original program from the PLC.CVE-2018-7790 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7790"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "A fix for these vulnerabilities is implemented in Modicon M221 Firmware v1.6.2.0, delivered within SoMachine Basic v1.6 SP2, which is available for download below, or by using Schneider Electric Software Update tool",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SoMachineBasicV1.6SP2/"
        },
        {
          "category": "mitigation",
          "details": "As a temporary mitigation, Modicon M221 users should take the following measures: Set up a firewall blocking all remote/external access to Port 502.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Within the Modicon M221 application, users must disable all unused protocols, especially programming protocol, as described in section \u201cConfiguring Ethernet Network\u201d of SoMachine Basic online help. This will prevent remote programming of the M221 PLC.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u0027s security notice SEVD-2018-235-01 is available",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-7791",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability allows unauthorized users to overwrite the original password.If an attacker exploits this vulnerability and overwrites the password, the attacker may upload the original program from the PLC.CVE-2018-7791 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7791"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "A fix for these vulnerabilities is implemented in Modicon M221 Firmware v1.6.2.0, delivered within SoMachine Basic v1.6 SP2, which is available for download below, or by using Schneider Electric Software Update tool",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SoMachineBasicV1.6SP2/"
        },
        {
          "category": "mitigation",
          "details": "As a temporary mitigation, Modicon M221 users should take the following measures: Set up a firewall blocking all remote/external access to Port 502.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Within the Modicon M221 application, users must disable all unused protocols, especially programming protocol, as described in section \u201cConfiguring Ethernet Network\u201d of SoMachine Basic online help. This will prevent remote programming of the M221 PLC.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u0027s security notice SEVD-2018-235-01 is available",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-7792",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability allows unauthorized users to decode the password using a rainbow table.CVE-2018-7792 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7792"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "A fix for these vulnerabilities is implemented in Modicon M221 Firmware v1.6.2.0, delivered within SoMachine Basic v1.6 SP2, which is available for download below, or by using Schneider Electric Software Update tool",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SoMachineBasicV1.6SP2/"
        },
        {
          "category": "mitigation",
          "details": "As a temporary mitigation, Modicon M221 users should take the following measures: Set up a firewall blocking all remote/external access to Port 502.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Within the Modicon M221 application, users must disable all unused protocols, especially programming protocol, as described in section \u201cConfiguring Ethernet Network\u201d of SoMachine Basic online help. This will prevent remote programming of the M221 PLC.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u0027s security notice SEVD-2018-235-01 is available",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-201808-0963

Vulnerability from variot - Updated: 2023-12-18 12:50

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC. The Modicon M221 is a logic controller from Schneider Electric. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0963",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": "electric modicon m221",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.6.2.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.6.2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Irfan Ahmed, Sushma Kalle, and Nehal Ameen of the University of New Orleans, Hyunguk Yoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-7791",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-7791",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06190",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-137823",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7791",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7791",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06190",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-908",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137823",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC. The Modicon M221 is a logic controller from Schneider Electric. \nAttackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7791",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "105182",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-240-01",
        "trust": 1.7
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-235-01",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "159A5F16-67EB-4CC8-8569-AB9F24F77F20",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "id": "VAR-201808-0963",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      }
    ],
    "trust": 1.8935065
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:50:35.341000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-235-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-235-01/"
      },
      {
        "title": "SchneiderElectricModiconM221 patch for permission and access control vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/155257"
      },
      {
        "title": "Schneider Electric Modicon M221 Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100301"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-862",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105182"
      },
      {
        "trust": 1.7,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-235-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7791"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7791"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "date": "2018-08-29T21:29:01.180000",
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "date": "2022-02-03T14:31:12.443000",
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon M221 Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-06190

Vulnerability from cnvd - Published: 2019-03-06

Title

Schneider Electric Modicon M221权限许可和访问控制漏洞

Description

Modicon M221是Schneider Electric（施耐德电气）推出的一款逻辑控制器。固件版本低于1.6.2.0的Schneider Electric Modicon M221存在权限许可和访问控制漏洞，未授权用户可利用该漏洞覆盖原始密码，从而可从PLC上传原始程序。

Severity

高

Patch Name

Schneider Electric Modicon M221权限许可和访问控制漏洞的补丁

Patch Description

Modicon M221是Schneider Electric（施耐德电气）推出的一款逻辑控制器。固件版本低于1.6.2.0的Schneider Electric Modicon M221存在权限许可和访问控制漏洞，未授权用户可利用该漏洞覆盖原始密码，从而可从PLC上传原始程序。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.schneider-electric.com/en/product-range-download/62128-logic-controller---modicon-m221#tabs-top

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-240-01

Impacted products

Name
Schneider Electric Modicon M221 <1.6.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7791"
    }
  },
  "description": "Modicon M221\u662fSchneider Electric\uff08\u65bd\u8010\u5fb7\u7535\u6c14\uff09\u63a8\u51fa\u7684\u4e00\u6b3e\u903b\u8f91\u63a7\u5236\u5668\u3002\n\n\u56fa\u4ef6\u7248\u672c\u4f4e\u4e8e1.6.2.0\u7684Schneider Electric Modicon M221\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u672a\u6388\u6743\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u539f\u59cb\u5bc6\u7801\uff0c\u4ece\u800c\u53ef\u4ecePLC\u4e0a\u4f20\u539f\u59cb\u7a0b\u5e8f\u3002",
  "discovererName": "Irfan Ahmed, Hyunguk Yoo, Sushma Kalle, and Nehal Ameen",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com/en/product-range-download/62128-logic-controller---modicon-m221#tabs-top",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-06190",
  "openTime": "2019-03-06",
  "patchDescription": "Modicon M221\u662fSchneider Electric\uff08\u65bd\u8010\u5fb7\u7535\u6c14\uff09\u63a8\u51fa\u7684\u4e00\u6b3e\u903b\u8f91\u63a7\u5236\u5668\u3002\r\n\r\n\u56fa\u4ef6\u7248\u672c\u4f4e\u4e8e1.6.2.0\u7684Schneider Electric Modicon M221\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u672a\u6388\u6743\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u539f\u59cb\u5bc6\u7801\uff0c\u4ece\u800c\u53ef\u4ecePLC\u4e0a\u4f20\u539f\u59cb\u7a0b\u5e8f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric Modicon M221\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric Modicon M221 \u003c1.6.2.0"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-29",
  "title": "Schneider Electric Modicon M221\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

GSD-2018-7791

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7791

Aliases

CVE-2018-7791

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7791",
    "description": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.",
    "id": "GSD-2018-7791"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7791"
      ],
      "details": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.",
      "id": "GSD-2018-7791",
      "modified": "2023-12-13T01:22:32.745015Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "DATE_PUBLIC": "2018-08-22T00:00:00",
        "ID": "CVE-2018-7791",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Permissions, Privileges, and Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105182",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105182"
          },
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.6.2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7791"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            },
            {
              "name": "105182",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-02-03T14:31Z",
      "publishedDate": "2018-08-29T21:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7791 (GCVE-0-2018-7791)

Solution

Solution

Tags

Sightings

Nomenclature