Information management error in Modicon M221

#VU14553 Information management error in Modicon M221

Published: 2018-08-29

Vulnerability identifier: #VU14553

Vulnerability risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7790

CWE-ID: CWE-199

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Modicon M221
Hardware solutions / Firmware

Vendor: Schneider Electric

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to information management error. A remote attacker can connect to a Modicon M221, upload the original program from the PLC and replay authentication sequences.

Mitigation
Update to version 1.6.2.0.

Vulnerable software versions

Modicon M221: All versions

External links
http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-235-01-Modicon-M221.pdf&p_Doc_Ref=SEVD-2018-235-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Schneider Electric Modicon M221