Vulnerability Details : CVE-2018-7789
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.
Products affected by CVE-2018-7789
- cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7789
0.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7789
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-7789
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7789
-
https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/
Security Notification - Modicon M221 | Schneider ElectricMitigation;Vendor Advisory
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02
Schneider Electric Modicon M221 | CISAMitigation;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/105171
Schneider Electric Modicon M221 CVE-2018-7789 Remote Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to