Remote Launch Vulnerability in SoMachine Basic and Modicon M221 by Schneider Electric
CVE-2018-7823

5.3MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0
Vendor: CVE Published:; 22 May 2019

Summary

An Environment vulnerability identified in SoMachine Basic allows attackers to remotely launch the application by sending specially crafted Ethernet messages. This affects all versions of SoMachine Basic, as well as Modicon M221 devices with firmware versions prior to V1.10.0.0, potentially exposing critical systems to exploitation.

Affected Version(s)

SoMachine Basic and Modicon M221, SoMachine Basic, all Modicon M221, all references, all prior to firmware V1.10.0.0 SoMachine Basic and Modicon M221, SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
Mar 8, 2018