VAR-201905-1024
Vulnerability from variot - Updated: 2023-12-18 12:17
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on to the system hosting SoMachine Basic. SoMachine Basic and Modicon M221 contain a permissions vulnerability. Information may be obtained. Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller.
Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 have an authorization issue vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m221",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "1.10.0.0"
},
{
"model": "somachine basic",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "somachine basic",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m221",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v1.10.0.0"
},
{
"model": "electric somachine basic",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somachine basic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m221",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "NVD",
"id": "CVE-2018-7822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7822"
}
]
},
"cve": "CVE-2018-7822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7822",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-45191",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-137854",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7822",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7822",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-45191",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-906",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137854",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "VULHUB",
"id": "VHN-137854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on to the system hosting SoMachine Basic. SoMachine Basic and Modicon M221 contain a permissions vulnerability. Information may be obtained. Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller. \n\nSchneider Electric SoMachine Basic and Schneider Electric Modicon M221 have an authorization issue vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "VULHUB",
"id": "VHN-137854"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7822",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201905-906",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-45191",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486",
"trust": 0.8
},
{
"db": "IVD",
"id": "30FEE716-90FD-423A-8DB4-6A253E5E76B4",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137854",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "VULHUB",
"id": "VHN-137854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"id": "VAR-201905-1024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "VULHUB",
"id": "VHN-137854"
}
],
"trust": 1.8967532500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
}
]
},
"last_update_date": "2023-12-18T12:17:58.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-01",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/"
},
{
"title": "Patch for Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Licensing Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/194043"
},
{
"title": "Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92884"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-275",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "NVD",
"id": "CVE-2018-7822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7822"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7822"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "VULHUB",
"id": "VHN-137854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"db": "VULHUB",
"id": "VHN-137854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "IVD",
"id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
},
{
"date": "2019-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137854"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"date": "2019-05-22T20:29:01.073000",
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-45191"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137854"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015486"
},
{
"date": "2022-01-31T20:47:17.980000",
"db": "NVD",
"id": "CVE-2018-7822"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SoMachine Basic and Modicon M221 Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-906"
}
],
"trust": 0.6
}
}