CVE-2018-7798
First published: Fri Nov 02 2018(Updated: )
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Somachine Basic | ||
| Schneider-electric Modicon M221 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-7798.
What is the severity rating of CVE-2018-7798?
CVE-2018-7798 has a severity rating of 8.2 (high).
What software is affected by CVE-2018-7798?
The Schneider-electric Somachine Basic and Modicon M221 software are affected by CVE-2018-7798.
How can CVE-2018-7798 be exploited?
CVE-2018-7798 can be exploited by remotely connecting to the Modicon M221 device and causing a change of IPv4 configuration.
Are there any known fixes for CVE-2018-7798?
Yes, refer to the Schneider Electric security advisory SEVD-2018-270-01 for information about fixes or mitigations for CVE-2018-7798.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric somachine basic
- canonical/schneider-electric modicon m221