Improper Check for Unusual Conditions in Schneider Electric's Modicon M221
CVE-2018-7789

7.5HIGH

Key Information:

Vendor
Schneider Electric
Status
Modicon M221, All References, All Versions Prior To Firmware V1.6.2.0
Vendor
CVE Published:
29 August 2018

Summary

A vulnerability in Schneider Electric's Modicon M221 product enables unauthorized users to execute remote reboots by sending specially crafted programming protocol frames. This security flaw affects all versions prior to firmware V1.6.2.0, potentially exposing systems to disruptions and unauthorized control. Users are advised to update their firmware to mitigate this risk.

Affected Version(s)

Modicon M221, all references, all prior to firmware V1.6.2.0 Modicon M221, all references, all versions prior to firmware V1.6.2.0

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02
x_refsource_MISC
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105171
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.