
25 vulnerabilities found for Modicon M221 by Schneider Electric

VAR-201706-0458

Vulnerability from variot - Updated: 2025-04-20 23:16

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs: Modicon M221, firmware versions prior to Version 1.5.0.0; Modicon M241, firmware versions prior to Version 4.0.5.11; and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. The firmware of the Schneider Electric Modicon M221, M241 and M251 PLCs contains a vulnerability related to lack of entropy. Information may be obtained and service operation may be interrupted (DoS). Schneider Electric Modicon M251 and others are programmable controller products from Schneider Electric. An attacker could exploit the vulnerability to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0458",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m251",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m241",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m241",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "model": "modicon m251",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "model": "electric modicon m251",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m241",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m221",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "modicon m241",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m251",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m251",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m241",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m251",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "model": "modicon m241",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m241",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m251",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc",
    "sources": [
      {
        "db": "BID",
        "id": "97254"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6030",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6030",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6030",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-09891",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114233",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6030",
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6030",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6030",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6030",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-09891",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-582",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114233",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6030",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. Schneider Electric Modicon PLC Modicon M221 , M241 and M251 The firmware contains a vulnerability related to lack of entropy.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. An attacker could exploit the vulnerability to obtain sensitive information or perform unauthorized actions. This may lead to other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6030",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-089-02",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "97254",
        "trust": 2.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "4A548A03-6217-4B58-9F7D-67DBC8ED4A34",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "id": "VAR-201706-0458",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      }
    ],
    "trust": 1.8967532500000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:16:07.395000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-075-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-01"
      },
      {
        "title": "Multiple Schneider Electric Modicon Products TCP Initial Serial Number Prediction Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/95622"
      },
      {
        "title": "CVE-2017-6030",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2017-6030 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-331",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-343",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-089-02"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/97254"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6030"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6030"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/331.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2017-6030"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-16T00:00:00",
        "db": "IVD",
        "id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "BID",
        "id": "97254"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "date": "2017-06-30T03:29:00.390000",
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-09891"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114233"
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6030"
      },
      {
        "date": "2017-04-04T00:02:00",
        "db": "BID",
        "id": "97254"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-6030"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Schneider Electric Modicon PLC Modicon Vulnerability related to lack of entropy in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005289"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "security feature problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-582"
      }
    ],
    "trust": 0.6
  }
}

VAR-201706-0456

Vulnerability from variot - Updated: 2025-04-20 23:16

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs: Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application lack randomization and are shared between several users. This may allow a current session to be compromised. Schneider Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.


{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "modicon m251",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "_id": null,
        "model": "modicon m241",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "_id": null,
        "model": "modicon m241",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "_id": null,
        "model": "modicon m251",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "_id": null,
        "model": "electric modicon m251",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "_id": null,
        "model": "electric modicon m241",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "_id": null,
        "model": "electric modicon m221",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "_id": null,
        "model": "modicon m241",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "_id": null,
        "model": "modicon m251",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "_id": null,
        "model": "modicon m251",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "_id": null,
        "model": "modicon m241",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "_id": null,
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "_id": null,
        "model": "modicon m251",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "_id": null,
        "model": "modicon m241",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "_id": null,
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m251",
        "version": "*"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m241",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6026"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc",
    "sources": [
      {
        "db": "BID",
        "id": "97254"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6026",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6026",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-09890",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114229",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6026",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6026",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6026",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6026",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-09890",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-586",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114229",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6026",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6026"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. \nSuccessfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114229",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6026",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-089-02",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "97254",
        "trust": 2.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "45918",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "B2E725EB-BF44-40DF-91C3-ADC24E4992EC",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "150551",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6026"
      }
    ]
  },
  "id": "VAR-201706-0456",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      }
    ],
    "trust": 1.8967532500000002
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:16:07.349000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "SEVD-2017-075-02",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-02"
      },
      {
        "title": "Patch for multiple Schneider Electric Modicon product session fixation vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/95625"
      },
      {
        "title": "Schneider Electric Modicon PLCs Modicon M241  and Modicon M251 Fixing measures for security feature vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160265"
      },
      {
        "title": "CVE-2017-6026",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2017-6026 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-330",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6026"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-089-02"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/97254"
      },
      {
        "trust": 1.8,
        "url": "https://www.exploit-db.com/exploits/45918/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6026"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6026"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/330.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53311"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6026"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09890",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-114229",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6026",
        "ident": null
      },
      {
        "db": "BID",
        "id": "97254",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6026",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-06-16T00:00:00",
        "db": "IVD",
        "id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
        "ident": null
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-09890",
        "ident": null
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114229",
        "ident": null
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6026",
        "ident": null
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "BID",
        "id": "97254",
        "ident": null
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005287",
        "ident": null
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-586",
        "ident": null
      },
      {
        "date": "2017-06-30T03:29:00.327000",
        "db": "NVD",
        "id": "CVE-2017-6026",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-09890",
        "ident": null
      },
      {
        "date": "2018-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114229",
        "ident": null
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6026",
        "ident": null
      },
      {
        "date": "2017-04-04T00:02:00",
        "db": "BID",
        "id": "97254",
        "ident": null
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005287",
        "ident": null
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-586",
        "ident": null
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-6026",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Schneider Electric Modicon PLC Modicon M241 and M251 Vulnerability related to insufficient random values in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005287"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "security feature problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-586"
      }
    ],
    "trust": 0.6
  }
}

VAR-201706-0457

Vulnerability from variot - Updated: 2025-04-20 23:16

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding, which is a reversible encoding and not encryption, leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. The firmware of the Schneider Electric Modicon PLCs Modicon M241 and M251 contains a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0457",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m251",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m241",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m241",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m251",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "electric modicon m251",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m241",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m221",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "modicon m241",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m251",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "4.0.3.20"
      },
      {
        "model": "modicon m251",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m241",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m251",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "model": "modicon m241",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.0.5.11"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m241",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m251",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc",
    "sources": [
      {
        "db": "BID",
        "id": "97254"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6028",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6028",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-09898",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114231",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6028",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6028",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6028",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6028",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-09898",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-584",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114231",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6028",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding, which is reversible and provides no confidentiality, leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. The Schneider Electric Modicon M241 and M251 PLC firmware contains a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. \nSuccessfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6028",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-089-02",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "97254",
        "trust": 2.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "B9EEC958-8AE9-4302-889D-7ED13E29DEAA",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "id": "VAR-201706-0457",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      }
    ],
    "trust": 1.8967532500000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:16:07.305000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-075-03",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-03"
      },
      {
        "title": "Patches for multiple Schneider Electric Modicon products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/95626"
      },
      {
        "title": "Fortinet Security Advisories: Fortinet Discovers Schneider Electric Modicon Insecure Credential Transmission Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-VD-20-102"
      },
      {
        "title": "CVE-2017-6028",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2017-6028 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-089-02"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/97254"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6028"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6028"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/522.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2017-6028"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "db": "BID",
        "id": "97254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-16T00:00:00",
        "db": "IVD",
        "id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
      },
      {
        "date": "2017-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "BID",
        "id": "97254"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "date": "2017-06-30T03:29:00.360000",
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-09898"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114231"
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6028"
      },
      {
        "date": "2017-04-04T00:02:00",
        "db": "BID",
        "id": "97254"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-6028"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon PLC Modicon M241 and M251 Firmware vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005288"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-584"
      }
    ],
    "trust": 0.6
  }
}

VAR-201704-1421

Vulnerability from variot - Updated: 2025-04-20 23:05

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. Because the encryption key is fixed in the product rather than derived from the user's password, the password prompt does not protect the contents of the project file. Schneider Electric SoMachine Basic and Modicon contain a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). SoMachine Basic is a programming and debugging interface for all components on the control platform; the Modicon TM221CE16R is a programmable controller. An attacker could exploit the vulnerability to open and modify protected project files with Schneider's products. A remote attacker may leverage this issue to gain root access to the affected system.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1421",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon tm221ce16r",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "schneider electric",
        "version": "1.3.3.3"
      },
      {
        "model": "somachine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "1.4"
      },
      {
        "model": "modicon tm221ce16r",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "somachine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "basic software"
      },
      {
        "model": "electric modicon tm221ce16r",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.3.3.3"
      },
      {
        "model": "electric somachine basic sp1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.4"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5"
      },
      {
        "model": "somachine basic sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.4"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon tm221ce16r",
        "version": "1.3.3.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "somachine",
        "version": "1.4"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "BID",
        "id": "97518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_tm221ce16r_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:somachine",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Simon Heming, Maik Br\u00fcggemann, Hendrik Schwartke, Ralf Spenneberg.",
    "sources": [
      {
        "db": "BID",
        "id": "97518"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7574",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-7574",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05014",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "baed19f0-f146-47b4-be70-37b627575985",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-115777",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-7574",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-7574",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7574",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7574",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05014",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-273",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "baed19f0-f146-47b4-be70-37b627575985",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115777",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-7574",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. Schneider Electric SoMachine Basic and Modicon contain a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). SoMachine Basic is a programming and debugging interface for all components on the control platform; the Modicon TM221CE16R is a programmable controller. An attacker could exploit the vulnerability to open and modify protected project files with Schneider\u0027s products. \nA remote attacker may leverage this issue to gain root access to the affected system.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "BID",
        "id": "97518"
      },
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7574"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7574",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "97518",
        "trust": 3.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2017-097-01",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-103-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "BAED19F0-F146-47B4-BE70-37B627575985",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-103-02A",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7574",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7574"
      },
      {
        "db": "BID",
        "id": "97518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "id": "VAR-201704-1421",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      }
    ],
    "trust": 1.8444444333333334
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:05:06.381000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-097-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://os-s.net/advisories/oss-2017-02.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/97518"
      },
      {
        "trust": 1.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-097-01"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-02"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7574"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7574"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/97518/info"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-02a"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7574"
      },
      {
        "db": "BID",
        "id": "97518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7574"
      },
      {
        "db": "BID",
        "id": "97518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "IVD",
        "id": "baed19f0-f146-47b4-be70-37b627575985"
      },
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7574"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "BID",
        "id": "97518"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "date": "2017-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "date": "2017-04-06T21:59:00.307000",
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05014"
      },
      {
        "date": "2017-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115777"
      },
      {
        "date": "2021-08-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7574"
      },
      {
        "date": "2017-04-18T01:06:00",
        "db": "BID",
        "id": "97518"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7574"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric SoMachine Basic and  Modicon Vulnerabilities related to the use of hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003056"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-273"
      }
    ],
    "trust": 0.6
  }
}

VAR-201704-1422

Vulnerability from variot - Updated: 2025-04-20 23:05

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. The Schneider Electric Modicon device contains an information disclosure vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). The Schneider Electric Modicon TM221CE16R is a programmable controller from Schneider Electric, France. A security vulnerability exists in the Schneider Electric Modicon TM221CE16R version 1.3.3.3; an attacker can exploit this issue to obtain potentially sensitive information or to upload an application. Information obtained may aid in further attacks. Schneider Modicon TM221CE16R firmware 1.3.3.3 is affected. The record below lists Schneider Electric advisory SEVD-2017-097-02 as its patch reference.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1422",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon tm221ce16r",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "schneider electric",
        "version": "1.3.3.3"
      },
      {
        "model": "modicon tm221ce16r",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric modicon tm221ce16r",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.3.3.3"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon tm221ce16r",
        "version": "1.3.3.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "BID",
        "id": "97523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_tm221ce16r_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Simon Heming, Maik Br\u00fcggemann, Hendrik Schwartke, Ralf Spenneberg.",
    "sources": [
      {
        "db": "BID",
        "id": "97523"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7575",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-7575",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05011",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "b4542435-a636-4664-96b9-14ffd0dc876f",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-115778",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-7575",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7575",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7575",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05011",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-272",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "b4542435-a636-4664-96b9-14ffd0dc876f",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115778",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \\x00\\x01\\x00\\x00\\x00\\x05\\x01\\x5a\\x00\\x03\\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. Schneider Electric Modicon The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The Schneider Electric Modicon TM221CE16R is a programmable controller from Schneider Electric, France. A security vulnerability exists in the Schneider Electric Modicon TM221CE16R version 1.3.3.3. Or upload an app. \nAn attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. \nSchneider Modicon TM221CE16R firmware 1.3.3.3 is affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "BID",
        "id": "97523"
      },
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7575",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "97523",
        "trust": 2.8
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2017-097-02",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-103-02",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "B4542435-A636-4664-96B9-14FFD0DC876F",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "db": "BID",
        "id": "97523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "id": "VAR-201704-1422",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:05:06.342000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-097-02",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://os-s.net/advisories/oss-2017-01.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/97523"
      },
      {
        "trust": 1.1,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-097-02"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-02"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7575"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7575"
      },
      {
        "trust": 0.3,
        "url": "www.controlmicrosystems.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "db": "BID",
        "id": "97523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "db": "BID",
        "id": "97523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "BID",
        "id": "97523"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "date": "2017-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "date": "2017-04-06T21:59:00.337000",
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      },
      {
        "date": "2017-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115778"
      },
      {
        "date": "2017-04-18T00:07:00",
        "db": "BID",
        "id": "97523"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003057"
      },
      {
        "date": "2017-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7575"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon TM221CE16R Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "b4542435-a636-4664-96b9-14ffd0dc876f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05011"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-272"
      }
    ],
    "trust": 0.6
  }
}

VAR-201905-0036

Vulnerability from variot - Updated: 2024-11-23 23:11

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of the device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received, in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco, PacDrive Pro, PacDrive Pro2. Multiple Schneider Electric products are vulnerable to a lack of authentication for critical functions; information may be tampered with and service operation may be disrupted (DoS). Schneider Electric Modicon M100 and others are products of Schneider Electric, France. The Schneider Electric Modicon M100 is a programmable logic controller. The Schneider Electric Modicon LMC078 is a motion controller. The Schneider Electric ATV IMC drive controller is a drive controller. An access control error vulnerability exists in several Schneider Electric products. The following products and versions are affected: Schneider Electric Modicon M100 (all versions); Modicon M200 (all versions); Modicon M221 (all versions); ATV IMC drive controller (all versions); Modicon M241 (all versions); Modicon M258 (all versions); Modicon LMC058 (all versions); Modicon LMC078 (all versions); PacDrive Eco (all versions); PacDrive Pro (all versions); PacDrive Pro2 (all versions).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "pacdrive eco",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m258",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon lmc058",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m251",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "pacdrive pro2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m241",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon lmc078",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "pacdrive pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "atv imc drive controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "atv imc drive controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon lmc058",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon lmc078",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m100",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m200",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m241",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m251",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m258",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "pacdrive eco",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric modicon m258",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon lmc058",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon lmc078",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric pacdrive eco",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric pacdrive pro",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric pacdrive pro2",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m200",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m221",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric atv imc drive controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m241",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric modicon m251",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pacdrive eco",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pacdrive pro",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pacdrive pro2",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "atv imc drive controller",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m241",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m251",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m258",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon lmc058",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon lmc078",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:atv_imc_drive_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_lmc058_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_lmc078_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m258_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:pacdrive_eco_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      }
    ]
  },
  "cve": "CVE-2019-6820",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6820",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-15887",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158255",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6820",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6820",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6820",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6820",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-15887",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-932",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158255",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6820",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco, PacDrive Pro, PacDrive Pro2. Multiple Schneider Electric products are vulnerable to a lack of authentication for critical functions. Information may be tampered with and service operation may be disrupted (DoS). Schneider Electric Modicon M100 and others are products of Schneider Electric, France. The Schneider Electric Modicon M100 is a programmable logic controller. The Schneider Electric Modicon LMC078 is a motion controller. The Schneider Electric ATV IMC drive controller is a drive controller. An access control error vulnerability exists in several Schneider Electric products. The following products and versions are affected: Schneider Electric Modicon M100 (all versions); Modicon M200 (all versions); Modicon M221 (all versions); ATV IMC drive controller (all versions); Modicon M241 (all versions); Modicon M258 (all versions); Modicon LMC058 (all versions); Modicon LMC078 (all versions); PacDrive Eco (all versions); PacDrive Pro (all versions); PacDrive Pro2 (all versions)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6820"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6820",
        "trust": 3.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-134-02",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "275E0D38-40D0-4C09-B739-BA01427AB4F3",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6820",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "id": "VAR-201905-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      }
    ],
    "trust": 1.8366883125000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:11:53.057000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-134-02",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/"
      },
      {
        "title": "CVE-2019-6820",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2019-6820 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-02/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6820"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6820"
      },
      {
        "trust": 0.6,
        "url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6820"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2019-6820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-30T00:00:00",
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "date": "2019-05-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "date": "2019-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      },
      {
        "date": "2019-05-22T20:29:02.137000",
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-15887"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158255"
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6820"
      },
      {
        "date": "2019-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      },
      {
        "date": "2024-11-21T04:47:13.107000",
        "db": "NVD",
        "id": "CVE-2019-6820"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability related to lack of authentication for critical functions in multiple Schneider Electric products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004816"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-932"
      }
    ],
    "trust": 0.8
  }
}

VAR-201905-1025

Vulnerability from variot - Updated: 2024-11-23 22:12

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending a crafted Ethernet message. SoMachine Basic and Modicon M221 contain an input validation vulnerability. Service operation may be interrupted (DoS). Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller. The vulnerability stems from network systems or products that did not properly validate the input data.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.10.0.0"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric modicon m221",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "v1.10.0.0"
      },
      {
        "model": "electric somachine basic",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "somachine basic",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:somachine_basic",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      }
    ]
  },
  "cve": "CVE-2018-7823",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7823",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-45190",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-137855",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7823",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7823",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7823",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7823",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-45190",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-907",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137855",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-7823",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when a crafted Ethernet message is sent. SoMachine Basic and Modicon M221 contain an input validation vulnerability. This may result in service interruption (DoS). Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller. The vulnerability stems from network systems or products that did not properly validate the input data.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7823"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7823",
        "trust": 3.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-045-01",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "2A8B3BB6-FDEB-453A-961B-395292A4E841",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7823",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "id": "VAR-201905-1025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      }
    ],
    "trust": 1.8967532500000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:01.367000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-045-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/"
      },
      {
        "title": "Patch for Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/194041"
      },
      {
        "title": "Schneider Electric SoMachine Basic  and Modicon M221 Remediation measures for environmental problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92885"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7823"
      },
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7823"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-13T00:00:00",
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "date": "2019-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7823"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      },
      {
        "date": "2019-05-22T20:29:01.120000",
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137855"
      },
      {
        "date": "2022-01-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7823"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015487"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      },
      {
        "date": "2024-11-21T04:12:47.787000",
        "db": "NVD",
        "id": "CVE-2018-7823"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Input Validation Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-45190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "2a8b3bb6-fdeb-453a-961b-395292a4e841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-907"
      }
    ],
    "trust": 0.8
  }
}

VAR-201905-1023

Vulnerability from variot - Updated: 2024-11-23 22:12

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 Ethernet interface while the Ethernet/IP adapter is activated. SoMachine Basic and Modicon M221 contain a resource management vulnerability. This may result in service interruption (DoS). Both Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are products of the French company Schneider Electric. Schneider Electric SoMachine Basic is a suite of software for programming logic controllers. Schneider Electric Modicon M221 is a programmable logic controller. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.10.0.0"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:somachine_basic",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      }
    ]
  },
  "cve": "CVE-2018-7821",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7821",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-137853",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7821",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7821",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7821",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7821",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-905",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137853",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-7821",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 Ethernet interface while the Ethernet/IP adapter is activated. SoMachine Basic and Modicon M221 contain a resource management vulnerability. This may result in service interruption (DoS). Both Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are products of the French company Schneider Electric. Schneider Electric SoMachine Basic is a suite of software for programming logic controllers. Schneider Electric Modicon M221 is a programmable logic controller. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7821"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7821",
        "trust": 2.6
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-045-01",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-137853",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7821",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "id": "VAR-201905-1023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:12:01.338000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-045-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/"
      },
      {
        "title": "Schneider Electric SoMachine Basic  and Modicon M221 Remediation measures for environmental problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92883"
      },
      {
        "title": "CVE-2018-7821",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2018-7821 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7821"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7821"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/770.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2018-7821"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      },
      {
        "date": "2019-05-22T20:29:01.043000",
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137853"
      },
      {
        "date": "2021-08-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7821"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      },
      {
        "date": "2024-11-21T04:12:47.533000",
        "db": "NVD",
        "id": "CVE-2018-7821"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SoMachine Basic and   Modicon M221 Resource management vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015485"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-905"
      }
    ],
    "trust": 0.6
  }
}

VAR-201905-1024

Vulnerability from variot - Updated: 2024-11-23 22:12

An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0), which could cause unauthorized access to SoMachine Basic resource files when logged on to the system hosting SoMachine Basic. SoMachine Basic and Modicon M221 contain a permissions vulnerability; information may be obtained. Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is software for programming logic controllers. Schneider Electric Modicon M221 is a programmable logic controller.

Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 have an authorization issue vulnerability


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.10.0.0"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric modicon m221",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "v1.10.0.0"
      },
      {
        "model": "electric somachine basic",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "somachine basic",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:somachine_basic",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      }
    ]
  },
  "cve": "CVE-2018-7822",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7822",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-45191",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "30fee716-90fd-423a-8db4-6a253e5e76b4",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-137854",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-7822",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7822",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7822",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7822",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-45191",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-906",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "30fee716-90fd-423a-8db4-6a253e5e76b4",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137854",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. SoMachine Basic and Modicon M221 Contains a permission vulnerability.Information may be obtained. Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is a software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller. \n\nSchneider Electric SoMachine Basic and Schneider Electric Modicon M221 have an authorization issue vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7822",
        "trust": 3.3
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-045-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "30FEE716-90FD-423A-8DB4-6A253E5E76B4",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "id": "VAR-201905-1024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      }
    ],
    "trust": 1.8967532500000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:01.296000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-045-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/"
      },
      {
        "title": "Patch for Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Licensing Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/194043"
      },
      {
        "title": "Schneider Electric SoMachine Basic  and Schneider Electric Modicon M221 Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92884"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-275",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7822"
      },
      {
        "trust": 1.7,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7822"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-13T00:00:00",
        "db": "IVD",
        "id": "30fee716-90fd-423a-8db4-6a253e5e76b4"
      },
      {
        "date": "2019-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      },
      {
        "date": "2019-05-22T20:29:01.073000",
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-45191"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137854"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      },
      {
        "date": "2024-11-21T04:12:47.653000",
        "db": "NVD",
        "id": "CVE-2018-7822"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SoMachine Basic and   Modicon M221 Permissions vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015486"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-906"
      }
    ],
    "trust": 0.6
  }
}

VAR-202004-1859

Vulnerability from variot - Updated: 2024-11-23 22:11

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists in EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow malicious code to be transferred to the controller. The affected product may be put into a denial-of-service (DoS) state. Schneider Electric EcoStruxure Machine Expert–Basic and SoMachine Basic are both products of Schneider Electric (France). Both are PLC configuration applications, mainly used for the configuration, programming and application debugging of programmable logic controllers.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1859",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "ecostruxure machine expert",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "ecostruxure machine expert",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m100",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m200",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "somachine basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric somachine basic",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric ecostruxure machine expert basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_machine_expert",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:somachine_basic",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      }
    ]
  },
  "cve": "CVE-2020-7489",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-7489",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004963",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-33244",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-7489",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004963",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-7489",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004963",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-33244",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1950",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027) vulnerability exists on EcoStruxure Machine Expert \u2013 Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller. It may be put into a denial-of-service (DoS) state. Schneider Electric EcoStruxure Machine Expert\u2013Basic and SoMachine Basic are both products of Schneider Electric (France). Schneider Electric EcoStruxure Machine Expert\u2013Basic is a PLC configuration application. This program is mainly used for the configuration, programming and application debugging of programmable logic controllers. SoMachine Basic is a PLC configuration application. This program is mainly used for the configuration, programming and application debugging of programmable logic controllers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7489",
        "trust": 3.0
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-105-01",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "46621",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "id": "VAR-202004-1859",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      }
    ],
    "trust": 1.41435185
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:11:29.823000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-105-01",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/SEVD-2020-105-01/"
      },
      {
        "title": "Patch for Schneider Electric EcoStruxure Machine Expert-Basic or SoMachine Basic injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/221581"
      },
      {
        "title": "Schneider Electric EcoStruxure Machine Expert \u2013 Basic or SoMachine Basic Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117011"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7489"
      },
      {
        "trust": 1.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-105-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7489"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46621"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "date": "2020-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "date": "2020-04-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      },
      {
        "date": "2020-04-22T19:15:11.777000",
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-33244"
      },
      {
        "date": "2020-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      },
      {
        "date": "2024-11-21T05:37:14.820000",
        "db": "NVD",
        "id": "CVE-2020-7489"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Injection vulnerabilities in EcoStruxure Machine Expert - Basic and SoMachine Basic programming software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004963"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1950"
      }
    ],
    "trust": 0.6
  }
}

VAR-201808-0961

Vulnerability from variot - Updated: 2024-11-23 22:06

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames. Schneider Electric Modicon M221 contains an exceptional condition check vulnerability. The device may be put into a service operation interruption (DoS) state. Schneider Electric Modicon M221 is a programmable logic controller from Schneider Electric, France. A security vulnerability exists in Schneider Electric Modicon M221 that stems from a program that fails to properly detect anomalies. The vulnerability could be exploited by a remote attacker to restart the Modicon M221. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0961",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": "electric modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.5.0.1"
      },
      {
        "model": "electric modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "BID",
        "id": "105171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric, working with Yehonatan Kfir of Radiflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-7789",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7789",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-05108",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "7d862ca1-463f-11e9-bc27-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-137821",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7789",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7789",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7789",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7789",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-05108",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-906",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d862ca1-463f-11e9-bc27-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137821",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-7789",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames. Schneider Electric Modicon M221 contains an exceptional condition check vulnerability. The device may be put into a service operation interruption (DoS) state. Schneider Electric Modicon M221 is a programmable logic controller from Schneider Electric, France. A security vulnerability exists in Schneider Electric Modicon M221 that stems from a program that fails to properly detect anomalies. The vulnerability could be exploited by a remote attacker to restart the Modicon M221. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "BID",
        "id": "105171"
      },
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7789",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-240-02",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "105171",
        "trust": 2.7
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-233-01",
        "trust": 2.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D862CA1-463F-11E9-BC27-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98906",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "db": "BID",
        "id": "105171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "id": "VAR-201808-0961",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      }
    ],
    "trust": 1.8935065
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:37.916000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-233-01",
        "trust": 0.8,
        "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-233-01+Modicon+M221.pdf\u0026p_Doc_Ref=SEVD-2018-233-01"
      },
      {
        "title": "Schneider Electric Modicon M221 Remote Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/154317"
      },
      {
        "title": "Schneider Electric Modicon M221 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123392"
      },
      {
        "title": "CVE-2018-7789",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2018-7789 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-754",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-02"
      },
      {
        "trust": 2.4,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-233-01/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/105171"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7789"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/754.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2018-7789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "db": "BID",
        "id": "105171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "db": "BID",
        "id": "105171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-24T00:00:00",
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "date": "2019-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105171"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "date": "2018-08-29T20:29:00.343000",
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      },
      {
        "date": "2018-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137821"
      },
      {
        "date": "2021-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7789"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105171"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010009"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      },
      {
        "date": "2024-11-21T04:12:44.300000",
        "db": "NVD",
        "id": "CVE-2018-7789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon M221 Remote Security Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d862ca1-463f-11e9-bc27-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-05108"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-906"
      }
    ],
    "trust": 0.6
  }
}

VAR-201904-1022

Vulnerability from variot - Updated: 2024-11-23 21:59

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. The programmable logic controllers contain a resource exhaustion vulnerability; service operation may be interrupted (DoS). ABB/Phoenix Contact/Schneider Electric/Siemens/WAGO PLCs are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Many PLC products have resource management error vulnerabilities, which originate from improper management of system resources (such as memory, disk space, files, etc.) by the network system or products


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1022",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pfc100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "1.10.0.0"
      },
      {
        "model": "6ed1052-1cc01-0ba8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "6es7314-6eh04-0ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pm554-tp-eth",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "6es7211-1ae40-0xb0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ethernet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "bacnet\\/ip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "knx ip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "ilc 151 eth",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phoenixcontact",
        "version": null
      },
      {
        "model": "pm554-tp-eth",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "ilc 151 eth",
        "scope": null,
        "trust": 0.8,
        "vendor": "phoenix contact",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "6ed1052-1cc01-0ba8",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "6es7211-1ae40-0xb0",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "6es7314-6eh04-0ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "bacnet/ip",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "ethernet",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "knx ip",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "pfc100",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "controller pfc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wago",
        "version": "(750-8100)0"
      },
      {
        "model": "controller knx ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wago",
        "version": "(750-889)0"
      },
      {
        "model": "controller ethernet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wago",
        "version": "(750-880)0"
      },
      {
        "model": "controller bacnet/ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wago",
        "version": "(750-831)0"
      },
      {
        "model": "6es7314-6eh04-0ab0 simatic s7-314",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "6es7211-1ae40-0xb0 simatic s7-1211",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "6ed1052-1cc01-0ba8 logo!",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "80"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "contact ilc eth",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "phoenix",
        "version": "27009741510"
      },
      {
        "model": "1sap120600r0071 pm554-tp-eth",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:abb:pm554-tp-eth_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:phoenixcontact:ilc_151_eth_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:6ed1052-1cc01-0ba8_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:6es7211-1ae40-0xb0_firmwar",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:6es7314-6eh04-0ab0_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:wago:bacnet%2fip_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:wago:ethernet_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:wago:knx_ip_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "and Florian Fischer (Hochschule Augsburg), Jan-Ole Malchow (Freie Universita\u0308t Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to NCCIC.,Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universit\u00e4t Berlin)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10953",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-10953",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-142551",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-10953",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-10953",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-10953",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-10953",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-770",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142551",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-10953",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. The programmable logic controllers contain a resource exhaustion vulnerability; service operation may be interrupted (DoS). ABB/Phoenix Contact/Schneider Electric/Siemens/WAGO PLCs are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Many PLC products have resource management error vulnerabilities, which originate from improper management of system resources (such as memory, disk space, files, etc.) by the network system or products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "BID",
        "id": "108413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10953"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-19-106-03",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "108413",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1312",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-142551",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10953",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "db": "BID",
        "id": "108413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "id": "VAR-201904-1022",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      }
    ],
    "trust": 0.8783169000000001
  },
  "last_update_date": "2024-11-23T21:59:59.558000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PM554-TP-ETH",
        "trust": 0.8,
        "url": "https://new.abb.com/products/1SAP120600R0071/pm554-tp-ethac500-prog-logic-controller"
      },
      {
        "title": "Controller - ILC 151 ETH - 2700974",
        "trust": 0.8,
        "url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2700974\u0026library=usen\u0026pcck=P-08-12-08-07\u0026tab=5\u0026selectedCategory=ALL"
      },
      {
        "title": "M221 firmware",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/M221+Firmware+V1.3/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://new.siemens.com/global/en.html"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "https://www.wago.co.jp/"
      },
      {
        "title": "CVE-2019-10953",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2019-10953 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-770",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-03"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/108413"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10953"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10953"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79174"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-106-03"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/770.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2019-10953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "db": "BID",
        "id": "108413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "db": "BID",
        "id": "108413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "BID",
        "id": "108413"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      },
      {
        "date": "2019-04-17T15:29:00.843000",
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142551"
      },
      {
        "date": "2021-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10953"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "BID",
        "id": "108413"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      },
      {
        "date": "2024-11-21T04:20:13.450000",
        "db": "NVD",
        "id": "CVE-2019-10953"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Programmable Logic Controller Vulnerable to resource exhaustion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003487"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-770"
      }
    ],
    "trust": 0.6
  }
}

VAR-202011-1276

Vulnerability from variot - Updated: 2024-11-23 21:58

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow an attacker to break the encryption key once the attacker has captured the traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller. Modicon M221 contains a cryptographic vulnerability. Information may be obtained and information may be tampered with. Modicon TM221 is a programmable controller of Schneider Electric (China) Co., Ltd., used for single device control architecture.

The Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability that attackers can exploit to obtain sensitive information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1276",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "modicon m221  firmware"
      },
      {
        "model": "modicon tm221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "v1.13.1.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "cve": "CVE-2020-7565",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "CVE-2020-7565",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-38820",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2020-7565",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-7565",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-7565",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-7565",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38820",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1670",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7565",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Modicon TM221 is a programmable controller of Schneider Electric (China) Co., Ltd., used for single device control architecture. \n\nSchneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7565"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7565",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-343-04",
        "trust": 2.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-315-05",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91936841",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7565",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "id": "VAR-202011-1276",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:58:53.449000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-315-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"
      },
      {
        "title": "Patch for Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/593141"
      },
      {
        "title": "Schneider Electric Modicon M221 Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135518"
      },
      {
        "title": "CVE-2020-7565",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2020-7565 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "Inadequate encryption strength (CWE-326) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "trust": 1.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7565"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91936841/"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04\u00a5"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-7565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "date": "2020-11-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "date": "2021-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "date": "2020-11-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      },
      {
        "date": "2020-11-19T22:15:14.943000",
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38820"
      },
      {
        "date": "2021-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7565"
      },
      {
        "date": "2021-07-09T06:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      },
      {
        "date": "2024-11-21T05:37:23.323000",
        "db": "NVD",
        "id": "CVE-2020-7565"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Modicon\u00a0M221\u00a0 Vulnerability in cryptography",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013656"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1670"
      }
    ],
    "trust": 0.6
  }
}

VAR-201808-0962

Vulnerability from variot - Updated: 2024-11-23 21:52

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. Schneider Electric Modicon M221 contains information management vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The Modicon M221 is a logic controller from Schneider Electric. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0962",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": "electric modicon m221",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.6.2.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Irfan Ahmed, Sushma Kalle, and Nehal Ameen of the University of New Orleans, Hyunguk Yoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-7790",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7790",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7790",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06189",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-137822",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7790",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7790",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7790",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7790",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06189",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-907",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137822",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-7790",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Information Management Error vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. Schneider Electric Modicon M221 contains information management vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The Modicon M221 is a logic controller from Schneider Electric. \nAttackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7790",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "105182",
        "trust": 2.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-240-01",
        "trust": 1.8
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-235-01",
        "trust": 1.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "49145ED1-5915-4F3A-BCBD-DF38B5F91BB0",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "id": "VAR-201808-0962",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      }
    ],
    "trust": 1.8935065
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:51.061000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-235-01",
        "trust": 0.8,
        "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-235-01-Modicon-M221.pdf\u0026p_Doc_Ref=SEVD-2018-235-01"
      },
      {
        "title": "SchneiderElectricModiconM221 Certification Sequence Replay Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155255"
      },
      {
        "title": "Schneider Electric Modicon M221 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100300"
      },
      {
        "title": "CVE-2018-7790",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2018-7790 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-294",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-199",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-01"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/105182"
      },
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-235-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7790"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7790"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/294.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2018-7790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "IVD",
        "id": "49145ed1-5915-4f3a-bcbd-df38b5f91bb0"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "date": "2018-08-29T21:29:01.070000",
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06189"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137822"
      },
      {
        "date": "2021-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7790"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      },
      {
        "date": "2024-11-21T04:12:44.423000",
        "db": "NVD",
        "id": "CVE-2018-7790"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon M221 Vulnerability in information management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-907"
      }
    ],
    "trust": 0.6
  }
}

VAR-201808-0963

Vulnerability from variot - Updated: 2024-11-23 21:52

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their own password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC. The Modicon M221 is a logic controller from Schneider Electric. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0963",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": "electric modicon m221",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.6.2.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Irfan Ahmed, Sushma Kalle, and Nehal Ameen of the University of New Orleans, Hyunguk Yoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-7791",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7791",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06190",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-137823",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7791",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7791",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7791",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7791",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06190",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-908",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137823",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their own password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC. The Modicon M221 is a logic controller from Schneider Electric. \nAttackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7791",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "105182",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-240-01",
        "trust": 1.7
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-235-01",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "159A5F16-67EB-4CC8-8569-AB9F24F77F20",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "id": "VAR-201808-0963",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      }
    ],
    "trust": 1.8935065
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:51.021000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-235-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
      },
      {
        "title": "SchneiderElectricModiconM221 patch for permission and access control vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155257"
      },
      {
        "title": "Schneider Electric Modicon M221 Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100301"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-862",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105182"
      },
      {
        "trust": 1.7,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-235-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7791"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7791"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "IVD",
        "id": "159a5f16-67eb-4cc8-8569-ab9f24f77f20"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "date": "2018-08-29T21:29:01.180000",
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06190"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137823"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      },
      {
        "date": "2024-11-21T04:12:44.530000",
        "db": "NVD",
        "id": "CVE-2018-7791"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon M221 Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009998"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-908"
      }
    ],
    "trust": 0.6
  }
}

VAR-201808-0964

Vulnerability from variot - Updated: 2024-11-23 21:52

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table. The Modicon M221 is a logic controller from Schneider Electric. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0964",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": "electric modicon m221",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.6.2.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1.1.5"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "modicon m221",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "modicon m221",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Irfan Ahmed, Sushma Kalle, and Nehal Ameen of the University of New Orleans, Hyunguk Yoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-7792",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7792",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06191",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "c5600743-aa0e-400f-846c-b060da074498",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-137824",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7792",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7792",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7792",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7792",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06191",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-909",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "c5600743-aa0e-400f-846c-b060da074498",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137824",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric\u0027s Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table. The Modicon M221 is a logic controller from Schneider Electric. \nAttackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7792",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "105182",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-240-01",
        "trust": 1.7
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-235-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "C5600743-AA0E-400F-846C-B060DA074498",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "id": "VAR-201808-0964",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      }
    ],
    "trust": 1.8935065
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:50.981000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-235-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
      },
      {
        "title": "Patch for SchneiderElectricModiconM221 Password Decryption Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155259"
      },
      {
        "title": "Schneider Electric Modicon M221 Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100302"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-240-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105182"
      },
      {
        "trust": 1.7,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-235-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7792"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7792"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "db": "BID",
        "id": "105182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2018-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "date": "2018-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "date": "2018-08-29T21:29:01.273000",
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137824"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "BID",
        "id": "105182"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009999"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      },
      {
        "date": "2024-11-21T04:12:44.640000",
        "db": "NVD",
        "id": "CVE-2018-7792"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modicon M221 Password Decoding Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "c5600743-aa0e-400f-846c-b060da074498"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06191"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-909"
      }
    ],
    "trust": 0.6
  }
}

VAR-201811-0561

Vulnerability from variot - Updated: 2022-05-04 09:16

An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. The Modicon M221 contains a vulnerability related to insufficient validation of data reliability. Information may be tampered with and service operation may be disrupted (DoS). Schneider Electric Modicon M221 is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0561",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.0"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.1"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.5"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.2"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.4"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.3"
      },
      {
        "model": "somachine basic",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "1.6"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.6.2.0"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.1"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "1.5.0.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105970"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eran Goldstein of CRITIFENCE",
    "sources": [
      {
        "db": "BID",
        "id": "105970"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-7798",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7798",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7798",
            "impactScore": 4.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7798",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7798",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-040",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. Modicon M221 Contains vulnerabilities related to insufficient validation of data reliability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M221 is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "BID",
        "id": "105970"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7798",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "105970",
        "trust": 1.9
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-270-01",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-324-02",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105970"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "id": "VAR-201811-0561",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5637039699999999
  },
  "last_update_date": "2022-05-04T09:16:42.065000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-270-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-270-01/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-345",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-270-01/"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/105970"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-324-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7798"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7798"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105970"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "105970"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-20T00:00:00",
        "db": "BID",
        "id": "105970"
      },
      {
        "date": "2019-01-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "date": "2018-11-02T17:29:00",
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-20T00:00:00",
        "db": "BID",
        "id": "105970"
      },
      {
        "date": "2019-01-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      },
      {
        "date": "2022-01-31T20:31:00",
        "db": "NVD",
        "id": "CVE-2018-7798"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Modicon M221 Vulnerabilities related to insufficient validation of data reliability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011939"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-040"
      }
    ],
    "trust": 0.6
  }
}

VAR-202012-0814

Vulnerability from variot - Updated: 2022-05-04 08:33

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions) that could allow an attacker to pre-compute the hash value using a dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide. The Modicon M221 contains a vulnerability related to the use of a one-way hash with a predictable salt. Information may be obtained.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0814",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "modicon m221  firmware"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "cve": "CVE-2020-28214",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-28214",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 1.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-28214",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-28214",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-28214",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-719",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-28214",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide. Modicon M221 Is predictable Salt A vulnerability exists regarding the use of one-way hashes.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28214"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-20-343-04",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214",
        "trust": 2.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-315-05",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91936841",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28214",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "id": "VAR-202012-0814",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6202651
  },
  "last_update_date": "2022-05-04T08:33:46.147000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-315-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "title": "Schneider Electric Modicon M221 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137259"
      },
      {
        "title": "CVE-2020-28214",
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-28214"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-760",
        "trust": 1.0
      },
      {
        "problemtype": "Use of a one-way hash with a predictable salt (CWE-760) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
      },
      {
        "trust": 1.7,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28214"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91936841/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/760.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-28214"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "date": "2021-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "date": "2020-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      },
      {
        "date": "2020-12-11T01:15:00",
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-28214"
      },
      {
        "date": "2021-09-01T06:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      },
      {
        "date": "2022-02-03T16:10:00",
        "db": "NVD",
        "id": "CVE-2020-28214"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Modicon M221 vulnerability in use of a one-way hash with a predictable salt",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014840"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-719"
      }
    ],
    "trust": 0.6
  }
}

VAR-202011-1279

Vulnerability from variot - Updated: 2022-05-04 08:33

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow disclosure of non-sensitive information when an attacker has captured the traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller. Modicon M221 contains an information disclosure vulnerability. Information may be obtained.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1279",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "modicon m221  firmware"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "cve": "CVE-2020-7568",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-7568",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-7568",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-7568",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7568",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1673",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow disclosure of non-sensitive information when an attacker has captured the traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller. Modicon M221 contains an information disclosure vulnerability. Information may be obtained.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-20-343-04",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568",
        "trust": 2.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-315-05",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU91936841",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "id": "VAR-202011-1279",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6202651
  },
  "last_update_date": "2022-05-04T08:33:46.095000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-315-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "title": "Schneider Electric Modicon M221 Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135520"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "information leak (CWE-200) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7568"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91936841/"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "date": "2020-11-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      },
      {
        "date": "2020-11-19T22:15:00",
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-09T06:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      },
      {
        "date": "2022-02-04T16:09:00",
        "db": "NVD",
        "id": "CVE-2020-7568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Modicon\u00a0M221\u00a0 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013654"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1673"
      }
    ],
    "trust": 0.6
  }
}

VAR-202011-1278

Vulnerability from variot - Updated: 2022-05-04 08:33

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow an attacker to find the password hash when the attacker has captured the traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller and has broken the encryption keys. Modicon M221 has a vulnerability involving missing encryption of critical data. Information may be obtained.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1278",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "modicon m221  firmware"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "cve": "CVE-2020-7567",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-7567",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2020-7567",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-7567",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7567",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1674",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow an attacker to find the password hash when the attacker has captured the traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller and has broken the encryption keys. Modicon M221 has a vulnerability involving missing encryption of critical data. Information may be obtained.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-20-343-04",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567",
        "trust": 2.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-315-05",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU91936841",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "id": "VAR-202011-1278",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6202651
  },
  "last_update_date": "2022-05-04T08:33:46.040000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-315-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "title": "Schneider Electric Modicon M221 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135521"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of encryption of critical data (CWE-311) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "trust": 1.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7567"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91936841/"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04\u00a5"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "date": "2020-11-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      },
      {
        "date": "2020-11-19T22:15:00",
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-09T06:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      },
      {
        "date": "2022-02-04T15:50:00",
        "db": "NVD",
        "id": "CVE-2020-7567"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Modicon\u00a0M221\u00a0 Vulnerability regarding lack of encryption of critical data in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013655"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1674"
      }
    ],
    "trust": 0.6
  }
}

VAR-202011-1277

Vulnerability from variot - Updated: 2022-05-04 08:33

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 is vulnerable to inadequate random values. Information may be obtained and information may be tampered with.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1277",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m221",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "modicon m221  firmware"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "cve": "CVE-2020-7566",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "CVE-2020-7566",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2020-7566",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-7566",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7566",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1672",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7566",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Is vulnerable to inadequate random values.Information may be obtained and information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7566"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-20-343-04",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566",
        "trust": 2.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-315-05",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91936841",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7566",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "id": "VAR-202011-1277",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6202651
  },
  "last_update_date": "2022-05-04T08:33:46.015000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-315-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "title": "Schneider Electric Modicon M221 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135519"
      },
      {
        "title": "CVE-2020-7566",
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-7566 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-334",
        "trust": 1.0
      },
      {
        "problemtype": "Insufficient random value (CWE-334) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
      },
      {
        "trust": 1.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7566"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91936841/"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04\u00a5"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/334.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-7566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "date": "2021-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "date": "2020-11-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      },
      {
        "date": "2020-11-19T22:15:00",
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7566"
      },
      {
        "date": "2021-07-09T06:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      },
      {
        "date": "2022-02-03T16:14:00",
        "db": "NVD",
        "id": "CVE-2020-7566"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Modicon\u00a0M221\u00a0 Insufficient random value vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-013653"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1672"
      }
    ],
    "trust": 0.6
  }
}

CVE-2019-10953 (GCVE-0-2019-10953)

Vulnerability from nvd – Published: 2019-04-17 14:02 – Updated: 2026-06-04 18:42
VLAI
Summary
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION CWE-400
Assigner
Credits
Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universität Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to CISA. Mikael Vingaard found and reported to CISA additional devices containing this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
          },
          {
            "name": "108413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108413"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-10953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T14:42:08.076750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T14:45:20.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "1SAP120600R0071 PM554-TP-ETH",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "2700974 ILC 151 ETH",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ILC 191 ETH 2TX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M221",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v1.10.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "v1.10.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Machine Expert \u2013 Basic",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "v1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "6ES7211-1AE40-0XB0 Simatic S7-1211",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "unaffected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "6ES7314-6EH04-0AB0 Simatic S7-314",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "unaffected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "6ED1052-1CC01-0BA8 Logo! 8",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "unaffected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-889 Controller KNX IP",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8100 Controller PFC100",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-880 Controller ETH",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-831 Controller BACnet/IP",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universita\u0308t Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to CISA."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Mikael Vingaard found and reported to CISA additional devices containing this vulnerability."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.\u003c/p\u003e"
            }
          ],
          "value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T18:42:43.045Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
        },
        {
          "name": "108413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108413"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2019/icsa-19-106-03.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFixes are available in\u0026nbsp; Schneider Electric\n\nModicon M221 firmware v1.10.0.0 and EcoStruxure Machine Expert \u2013 Basic v1.0 software (formerly SoMachine Basic) using either of the following options:\u003cbr\u003e\u003cbr\u003eUse this link to download the Machine Expert Basic software.\u003c/p\u003e\u003cp\u003eOr run the Schneider Electric Software Update tool in order to download and install EcoStruxure Machine Expert \u2013 Basic v1.0 software.\u003c/p\u003e\u003cp\u003eFor additional information, see the Schneider Electric security notice SEVD-2019-045-01. (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-045-01)\u003c/p\u003e\u003cp\u003eSchneider Electric strongly recommends following industry cybersecurity best practices, such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePhysical controls should be in place so no unauthorized person would have access to the ICS and safety controllers, peripheral equipment, or the ICS and safety networks.\u003c/li\u003e\u003cli\u003eAll controllers should reside in locked cabinets and never be left in the \u201cProgram\u201d mode.\u003c/li\u003e\u003cli\u003eAll programming software should be kept in locked cabinets and should never be connected to any network other than the network for the devices it is intended.\u003c/li\u003e\u003cli\u003eAll methods of mobile data exchange with the isolated network (e.g., CDs, USB drives, etc.) should be scanned before use in terminals or any node connected to these networks.\u003c/li\u003e\u003cli\u003eLaptops that have connected to any other network besides the intended network should never be allowed to connect to the safety or control networks without proper sanitation.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Fixes are available in\u00a0 Schneider Electric\n\nModicon M221 firmware v1.10.0.0 and EcoStruxure Machine Expert \u2013 Basic v1.0 software (formerly SoMachine Basic) using either of the following options:\n\nUse this link to download the Machine Expert Basic software.\n\n\n\nOr run the Schneider Electric Software Update tool in order to download and install EcoStruxure Machine Expert \u2013 Basic v1.0 software.\n\n\n\nFor additional information, see the Schneider Electric security notice SEVD-2019-045-01. (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-045-01)\n\n\n\nSchneider Electric strongly recommends following industry cybersecurity best practices, such as:\n\n  *  Physical controls should be in place so no unauthorized person would have access to the ICS and safety controllers, peripheral equipment, or the ICS and safety networks.\n  *  All controllers should reside in locked cabinets and never be left in the \u201cProgram\u201d mode.\n  *  All programming software should be kept in locked cabinets and should never be connected to any network other than the network for the devices it is intended.\n  *  All methods of mobile data exchange with the isolated network (e.g., CDs, USB drives, etc.) should be scanned before use in terminals or any node connected to these networks.\n  *  Laptops that have connected to any other network besides the intended network should never be allowed to connect to the safety or control networks without proper sanitation."
        }
      ],
      "source": {
        "advisory": "ICSA-19-106-03",
        "discovery": "EXTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog, which was left in the default factory settings. This has led to a configuration that does not match the expectations expressed in the test cases and the result is the PLC not reacting as intended. This misconfiguration can be fixed by setting an appropriate combination of task priority, task cycle time, and watchdog settings. Please see the \u201cOnboard Ethernet Handling in CPU Firmware\u201d chapter (System Technology for AC500 V2 Products \u0026gt; System Technology of CPU and Overall System \u0026gt; Onboard Technologies \u0026gt; Ethernet \u0026gt; Ethernet Protocols and Ports for AC500 V2 Products \u0026gt; Onboard Ethernet Handling in CPU Firmware) for further guidance.\u003c/span\u003e"
            }
          ],
          "value": "ABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog, which was left in the default factory settings. This has led to a configuration that does not match the expectations expressed in the test cases and the result is the PLC not reacting as intended. This misconfiguration can be fixed by setting an appropriate combination of task priority, task cycle time, and watchdog settings. Please see the \u201cOnboard Ethernet Handling in CPU Firmware\u201d chapter (System Technology for AC500 V2 Products \u003e System Technology of CPU and Overall System \u003e Onboard Technologies \u003e Ethernet \u003e Ethernet Protocols and Ports for AC500 V2 Products \u003e Onboard Ethernet Handling in CPU Firmware) for further guidance."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhoenix Contact acknowledges this as a \u201cknown, won\u2019t fix\u201d issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality. Phoenix Contact urges users to adhere to the\u0026nbsp;Application note 107913_en_01.\u003c/p\u003e\u003cp\u003eMore information can be found in the\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://cert.vde.com/en-us/advisories/vde-2018-012\"\u003eVDE CERT advisory\u003c/a\u003e.\u003c/p\u003e"
            }
          ],
          "value": "Phoenix Contact acknowledges this as a \u201cknown, won\u2019t fix\u201d issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality. Phoenix Contact urges users to adhere to the\u00a0Application note 107913_en_01.\n\n\n\nMore information can be found in the\u00a0 VDE CERT advisory https://cert.vde.com/en-us/advisories/vde-2018-012 ."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eSiemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs.\u003c/span\u003e"
            }
          ],
          "value": "Siemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eWAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.\u003c/span\u003e\u003cbr\u003e\u003cspan\u003ePlease also consult the product manuals on the WAGO website, as this is a known problem for some devices. Links to product manuals and specific instructions about how to limit switch rates can be found in the\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003ca href=\"https://cert.vde.com/de-de/advisories/vde-2018-013\"\u003eVDE CERT advisory\u003c/a\u003e\u003cspan\u003e.\u003c/span\u003e"
            }
          ],
          "value": "WAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.\nPlease also consult the product manuals on the WAGO website, as this is a known problem for some devices. Links to product manuals and specific instructions about how to limit switch rates can be found in the\u00a0 VDE CERT advisory https://cert.vde.com/de-de/advisories/vde-2018-013 ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10953",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
            },
            {
              "name": "108413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108413"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10953",
    "datePublished": "2019-04-17T14:02:15.000Z",
    "dateReserved": "2019-04-08T00:00:00.000Z",
    "dateUpdated": "2026-06-04T18:42:43.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2017-6030 (GCVE-0-2017-6030)

Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2026-06-04 21:40
Title
Schneider Electric Modicon PLCs Predictable Value Range from Previous Values
Summary
A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.
SSVC
Exploitation: none; Automatable: yes; Technical Impact: partial
CISA Coordinator (v2.0.3)
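CWE
  • CWE-343 - Predictable Value Range from Previous Values
Assigner
icscert
Impacted products
  • Schneider Electric Modicon M221 - firmware versions prior to 1.5.0.0
  • Schneider Electric Modicon M241 - firmware versions prior to 4.0.5.11
  • Schneider Electric Modicon M251 - firmware versions prior to 4.0.5.11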
Date Public
2017-06-29 00:00
Credits
David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
          },
          {
            "name": "97254",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97254"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-6030",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T13:20:18.684514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T13:22:59.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M221",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "1.5.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M241",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "4.0.5.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M251",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "4.0.5.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities."
        }
      ],
      "datePublic": "2017-06-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.\u003c/p\u003e"
            }
          ],
          "value": "A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-343",
              "description": "CWE-343",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T21:40:02.867Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
        },
        {
          "name": "97254",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97254"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-089-02.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\u003c/p\u003e\u003cp\u003eSoMachineBasic, Version 1.5, is available at the following location:\u003c/p\u003e\u003cp\u003ehttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVerify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\u003c/li\u003e\u003cli\u003eLimit traffic on the local network with managed switches\u003c/li\u003e\u003cli\u003eWhere possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\u003c/li\u003e\u003cli\u003eDo not grant [network] access to unknown computers\u003c/li\u003e\u003cli\u003eWhen remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSchneider Electric has released Security Notifications 
SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Schneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\n\n\n\nSoMachineBasic, Version 1.5, is available at the following location:\n\n\n\nhttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u00a0\n\n\n\nSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\n\n  *  Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\n  *  Limit traffic on the local network with managed switches\n  *  Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\n  *  Do not grant [network] access to unknown computers\n  *  When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\n\n\n\n\nSchneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\n\n\n\n 
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/ \n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/ \n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/"
        }
      ],
      "source": {
        "advisory": "ICSA-17-089-02",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric Modicon PLCs Predictable Value Range from Previous Values",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric Modicon PLCs",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric Modicon PLCs"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-343"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
            },
            {
              "name": "97254",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97254"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6030",
    "datePublished": "2017-06-30T02:35:00.000Z",
    "dateReserved": "2017-02-16T00:00:00.000Z",
    "dateUpdated": "2026-06-04T21:40:02.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-10953 (GCVE-0-2019-10953)

Vulnerability from cvelistv5 – Published: 2019-04-17 14:02 – Updated: 2026-06-04 18:42
Summary
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
SSVC
Exploitation: none; Automatable: yes; Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
Credits
Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universität Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to CISA. Mikael Vingaard found and reported to CISA additional devices containing this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
          },
          {
            "name": "108413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108413"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-10953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T14:42:08.076750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T14:45:20.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "1SAP120600R0071 PM554-TP-ETH",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "2700974 ILC 151 ETH",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ILC 191 ETH 2TX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M221",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v1.10.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "v1.10.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Machine Expert \u2013 Basic",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "v1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "6ES7211-1AE40-0XB0 Simatic S7-1211",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "unaffected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "6ES7314-6EH04-0AB0 Simatic S7-314",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "unaffected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "6ED1052-1CC01-0BA8 Logo! 8",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "unaffected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-889 Controller KNX IP",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-8100 Controller PFC100",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-880 Controller ETH",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "750-831 Controller BACnet/IP",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universita\u0308t Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to CISA."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Mikael Vingaard found and reported to CISA additional devices containing this vulnerability."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.\u003c/p\u003e"
            }
          ],
          "value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T18:42:43.045Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
        },
        {
          "name": "108413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108413"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2019/icsa-19-106-03.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFixes are available in\u0026nbsp; Schneider Electric\n\nModicon M221 firmware v1.10.0.0 and EcoStruxure Machine Expert \u2013 Basic v1.0 software (formerly SoMachine Basic) using either of the following options:\u003cbr\u003e\u003cbr\u003eUse this link to download the Machine Expert Basic software.\u003c/p\u003e\u003cp\u003eOr run the Schneider Electric Software Update tool in order to download and install EcoStruxure Machine Expert \u2013 Basic v1.0 software.\u003c/p\u003e\u003cp\u003eFor additional information, see the Schneider Electric security notice SEVD-2019-045-01. (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-045-01)\u003c/p\u003e\u003cp\u003eSchneider Electric strongly recommends following industry cybersecurity best practices, such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePhysical controls should be in place so no unauthorized person would have access to the ICS and safety controllers, peripheral equipment, or the ICS and safety networks.\u003c/li\u003e\u003cli\u003eAll controllers should reside in locked cabinets and never be left in the \u201cProgram\u201d mode.\u003c/li\u003e\u003cli\u003eAll programming software should be kept in locked cabinets and should never be connected to any network other than the network for the devices it is intended.\u003c/li\u003e\u003cli\u003eAll methods of mobile data exchange with the isolated network (e.g., CDs, USB drives, etc.) should be scanned before use in terminals or any node connected to these networks.\u003c/li\u003e\u003cli\u003eLaptops that have connected to any other network besides the intended network should never be allowed to connect to the safety or control networks without proper sanitation.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Fixes are available in\u00a0 Schneider Electric\n\nModicon M221 firmware v1.10.0.0 and EcoStruxure Machine Expert \u2013 Basic v1.0 software (formerly SoMachine Basic) using either of the following options:\n\nUse this link to download the Machine Expert Basic software.\n\n\n\nOr run the Schneider Electric Software Update tool in order to download and install EcoStruxure Machine Expert \u2013 Basic v1.0 software.\n\n\n\nFor additional information, see the Schneider Electric security notice SEVD-2019-045-01. (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-045-01)\n\n\n\nSchneider Electric strongly recommends following industry cybersecurity best practices, such as:\n\n  *  Physical controls should be in place so no unauthorized person would have access to the ICS and safety controllers, peripheral equipment, or the ICS and safety networks.\n  *  All controllers should reside in locked cabinets and never be left in the \u201cProgram\u201d mode.\n  *  All programming software should be kept in locked cabinets and should never be connected to any network other than the network for the devices it is intended.\n  *  All methods of mobile data exchange with the isolated network (e.g., CDs, USB drives, etc.) should be scanned before use in terminals or any node connected to these networks.\n  *  Laptops that have connected to any other network besides the intended network should never be allowed to connect to the safety or control networks without proper sanitation."
        }
      ],
      "source": {
        "advisory": "ICSA-19-106-03",
        "discovery": "EXTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog, which was left in the default factory settings. This has led to a configuration that does not match the expectations expressed in the test cases and the result is the PLC not reacting as intended. This misconfiguration can be fixed by setting an appropriate combination of task priority, task cycle time, and watchdog settings. Please see the \u201cOnboard Ethernet Handling in CPU Firmware\u201d chapter (System Technology for AC500 V2 Products \u0026gt; System Technology of CPU and Overall System \u0026gt; Onboard Technologies \u0026gt; Ethernet \u0026gt; Ethernet Protocols and Ports for AC500 V2 Products \u0026gt; Onboard Ethernet Handling in CPU Firmware) for further guidance.\u003c/span\u003e"
            }
          ],
          "value": "ABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog, which was left in the default factory settings. This has led to a configuration that does not match the expectations expressed in the test cases and the result is the PLC not reacting as intended. This misconfiguration can be fixed by setting an appropriate combination of task priority, task cycle time, and watchdog settings. Please see the \u201cOnboard Ethernet Handling in CPU Firmware\u201d chapter (System Technology for AC500 V2 Products \u003e System Technology of CPU and Overall System \u003e Onboard Technologies \u003e Ethernet \u003e Ethernet Protocols and Ports for AC500 V2 Products \u003e Onboard Ethernet Handling in CPU Firmware) for further guidance."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhoenix Contact acknowledges this as a \u201cknown, won\u2019t fix\u201d issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality. Phoenix Contact urges users to adhere to the\u0026nbsp;Application note 107913_en_01.\u003c/p\u003e\u003cp\u003eMore information can be found in the\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://cert.vde.com/en-us/advisories/vde-2018-012\"\u003eVDE CERT advisory\u003c/a\u003e.\u003c/p\u003e"
            }
          ],
          "value": "Phoenix Contact acknowledges this as a \u201cknown, won\u2019t fix\u201d issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality. Phoenix Contact urges users to adhere to the\u00a0Application note 107913_en_01.\n\n\n\nMore information can be found in the\u00a0 VDE CERT advisory https://cert.vde.com/en-us/advisories/vde-2018-012 ."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eSiemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs.\u003c/span\u003e"
            }
          ],
          "value": "Siemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eWAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.\u003c/span\u003e\u003cbr\u003e\u003cspan\u003ePlease also consult the product manuals on the WAGO website, as this is a known problem for some devices. Links to product manuals and specific instructions about how to limit switch rates can be found in the\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003ca href=\"https://cert.vde.com/de-de/advisories/vde-2018-013\"\u003eVDE CERT advisory\u003c/a\u003e\u003cspan\u003e.\u003c/span\u003e"
            }
          ],
          "value": "WAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.\nPlease also consult the product manuals on the WAGO website, as this is a known problem for some devices. Links to product manuals and specific instructions about how to limit switch rates can be found in the\u00a0 VDE CERT advisory https://cert.vde.com/de-de/advisories/vde-2018-013 ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10953",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
            },
            {
              "name": "108413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108413"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10953",
    "datePublished": "2019-04-17T14:02:15.000Z",
    "dateReserved": "2019-04-08T00:00:00.000Z",
    "dateUpdated": "2026-06-04T18:42:43.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2017-6030 (GCVE-0-2017-6030)

Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2026-06-04 21:40
Title
Schneider Electric Modicon PLCs Predictable Value Range from Previous Values
Summary
A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
Date Public
2017-06-29 00:00
Credits
David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
          },
          {
            "name": "97254",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97254"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-6030",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T13:20:18.684514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T13:22:59.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M221",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "1.5.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M241",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "4.0.5.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M251",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "4.0.5.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities."
        }
      ],
      "datePublic": "2017-06-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.\u003c/p\u003e"
            }
          ],
          "value": "A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-343",
              "description": "CWE-343",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T21:40:02.867Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
        },
        {
          "name": "97254",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97254"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-089-02.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\u003c/p\u003e\u003cp\u003eSoMachineBasic, Version 1.5, is available at the following location:\u003c/p\u003e\u003cp\u003ehttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVerify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\u003c/li\u003e\u003cli\u003eLimit traffic on the local network with managed switches\u003c/li\u003e\u003cli\u003eWhere possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\u003c/li\u003e\u003cli\u003eDo not grant [network] access to unknown computers\u003c/li\u003e\u003cli\u003eWhen remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSchneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Schneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\n\n\n\nSoMachineBasic, Version 1.5, is available at the following location:\n\n\n\nhttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u00a0\n\n\n\nSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\n\n  *  Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\n  *  Limit traffic on the local network with managed switches\n  *  Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\n  *  Do not grant [network] access to unknown computers\n  *  When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\n\n\n\n\nSchneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/ \n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/ \n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/"
        }
      ],
      "source": {
        "advisory": "ICSA-17-089-02",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric Modicon PLCs Predictable Value Range from Previous Values",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric Modicon PLCs",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric Modicon PLCs"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-343"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
            },
            {
              "name": "97254",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97254"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6030",
    "datePublished": "2017-06-30T02:35:00.000Z",
    "dateReserved": "2017-02-16T00:00:00.000Z",
    "dateUpdated": "2026-06-04T21:40:02.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}