CVE-2018-7790

CRITICAL

Schneider Electric's Modicon M221 - Info Disclosure

Title source: llm

Description

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105182

[Mitigation, Vendor Advisory] https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/

Scores

CVSS v3 9.8

EPSS 0.0113

EPSS Percentile 78.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-294

Status published

Products (1)

schneider-electric/modicon_m221_firmware < 1.6.2.0

Published Aug 29, 2018

Tracked Since Feb 18, 2026