#VU15987 Insufficient verification of data authenticity in Modicon M221 - CVE-2018-7798
Published: November 20, 2018 / Updated: November 21, 2018
Vulnerability identifier: #VU15987
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7798
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Modicon M221
Modicon M221
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper implementation of the network configuration module in UMAS protocol. A remote attacker can modify configuration parameters and intercept a target PLC’s network traffic.
Remediation
Schneider Electric recommends the following mitigations to reduce the risk:
- Set up a firewall blocking all remote/external access to Port 502.
- Within the Modicon M221 application, users should disable all unused protocols, especially programming protocol, as described in section “Configuring Ethernet Network” of SoMachine Basic online help. This will prevent remote programming of the M221 PLC.