First published: Fri Nov 02 2018(Updated: )
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Somachine Basic | ||
Schneider-electric Modicon M221 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-7798.
CVE-2018-7798 has a severity rating of 8.2 (high).
The Schneider-electric Somachine Basic and Modicon M221 software are affected by CVE-2018-7798.
CVE-2018-7798 can be exploited by remotely connecting to the Modicon M221 device and causing a change of IPv4 configuration.
Yes, refer to the Schneider Electric security advisory SEVD-2018-270-01 for information about fixes or mitigations for CVE-2018-7798.