Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Modicon M221, all references, all versions prior to firmware V1.6.2.0 by Schneider Electric SE

    CVE-2018-7792 (GCVE-0-2018-7792)

    Vulnerability from nvd – Published: 2018-08-29 21:00 – Updated: 2026-05-29 14:03
    VLAI
    Summary
    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Permissions, Privileges, and Access Control
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105182"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:01:27.327782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-327",
                    "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:03:17.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Permissions, Privileges, and Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-31T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "name": "105182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-7792",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Permissions, Privileges, and Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105182"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7792",
        "datePublished": "2018-08-29T21:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:03:17.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7791 (GCVE-0-2018-7791)

    Vulnerability from nvd – Published: 2018-08-29 21:00 – Updated: 2026-05-29 13:59
    VLAI
    Summary
    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Permissions, Privileges, and Access Control
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105182"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T13:56:29.398277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T13:59:17.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Permissions, Privileges, and Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-31T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "name": "105182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-7791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Permissions, Privileges, and Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105182"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7791",
        "datePublished": "2018-08-29T21:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T13:59:17.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7790 (GCVE-0-2018-7790)

    Vulnerability from nvd – Published: 2018-08-29 21:00 – Updated: 2026-05-29 13:55
    VLAI
    Summary
    An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Information Management Error
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105182"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T13:52:53.696411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T13:55:56.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Management Error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-31T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "name": "105182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-7790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Management Error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105182"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7790",
        "datePublished": "2018-08-29T21:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T13:55:56.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7789 (GCVE-0-2018-7789)

    Vulnerability from nvd – Published: 2018-08-29 20:00 – Updated: 2026-05-29 13:50
    VLAI
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Check for Unusual or Exceptional Conditions
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
              },
              {
                "name": "105171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105171"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7789",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T13:42:20.871154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-754",
                    "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T13:50:59.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-30T19:57:02.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
            },
            {
              "name": "105171",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-21T00:00:00",
              "ID": "CVE-2018-7789",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
                },
                {
                  "name": "105171",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7789",
        "datePublished": "2018-08-29T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T13:50:59.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7791 (GCVE-0-2018-7791)

    Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2026-05-29 13:59
    VLAI
    Summary
    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Permissions, Privileges, and Access Control
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105182"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T13:56:29.398277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T13:59:17.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Permissions, Privileges, and Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-31T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "name": "105182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-7791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Permissions, Privileges, and Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105182"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7791",
        "datePublished": "2018-08-29T21:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T13:59:17.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7792 (GCVE-0-2018-7792)

    Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2026-05-29 14:03
    VLAI
    Summary
    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Permissions, Privileges, and Access Control
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105182"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:01:27.327782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-327",
                    "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:03:17.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Permissions, Privileges, and Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-31T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "name": "105182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-7792",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Permissions, Privileges, and Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105182"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7792",
        "datePublished": "2018-08-29T21:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:03:17.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7790 (GCVE-0-2018-7790)

    Vulnerability from cvelistv5 – Published: 2018-08-29 21:00 – Updated: 2026-05-29 13:55
    VLAI
    Summary
    An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Information Management Error
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105182"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T13:52:53.696411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T13:55:56.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Management Error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-31T09:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "name": "105182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105182"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-7790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Management Error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105182"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7790",
        "datePublished": "2018-08-29T21:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T13:55:56.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7789 (GCVE-0-2018-7789)

    Vulnerability from cvelistv5 – Published: 2018-08-29 20:00 – Updated: 2026-05-29 13:50
    VLAI
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Check for Unusual or Exceptional Conditions
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M221, all references, all versions prior to firmware V1.6.2.0 Affected: Modicon M221, all references, all versions prior to firmware V1.6.2.0
    Create a notification for this product.
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
              },
              {
                "name": "105171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105171"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7789",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T13:42:20.871154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-754",
                    "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T13:50:59.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-30T19:57:02.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
            },
            {
              "name": "105171",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "DATE_PUBLIC": "2018-08-21T00:00:00",
              "ID": "CVE-2018-7789",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02"
                },
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/"
                },
                {
                  "name": "105171",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7789",
        "datePublished": "2018-08-29T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T13:50:59.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }