CVE-2018-7791
First published: Wed Aug 29 2018(Updated: )
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon M221 Firmware | <1.6.2.0 | |
| Schneider-electric Modicon M221 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7791?
CVE-2018-7791 is a Permissions, Privileges, and Access Control vulnerability in Schneider Electric's Modicon M221 product.
What is the severity of CVE-2018-7791?
CVE-2018-7791 has a severity rating of 9.8, which is considered critical.
How does CVE-2018-7791 affect Schneider Electric's Modicon M221 product?
CVE-2018-7791 allows unauthorized users to overwrite the original password with their password.
Is my version of Schneider Electric's Modicon M221 firmware vulnerable to CVE-2018-7791?
If your Schneider Electric's Modicon M221 firmware version is prior to V1.6.2.0, it is vulnerable to CVE-2018-7791.
How can I fix CVE-2018-7791?
To fix CVE-2018-7791, you need to update Schneider Electric's Modicon M221 firmware to version V1.6.2.0 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric modicon m221 firmware
- canonical/schneider-electric modicon m221