Insufficient verification of data authenticity in Modicon M221 - CVE-2018-7798
Published: November 20, 2018 / Updated: November 21, 2018
Vulnerability identifier: #VU15987
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7798
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
Modicon M221
Modicon M221
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper implementation of the network configuration module in UMAS protocol. A remote attacker can modify configuration parameters and intercept a target PLC’s network traffic.
How to mitigate CVE-2018-7798
Schneider Electric recommends the following mitigations to reduce the risk:
- Set up a firewall blocking all remote/external access to Port 502.
- Within the Modicon M221 application, users should disable all unused protocols, especially programming protocol, as described in section “Configuring Ethernet Network” of SoMachine Basic online help. This will prevent remote programming of the M221 PLC.