{"api_version":"1","generated_at":"2026-04-23T10:40:38+00:00","cve":"CVE-2018-7821","urls":{"html":"https://cve.report/CVE-2018-7821","api":"https://cve.report/api/cve/CVE-2018-7821.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-7821","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-7821"},"summary":{"title":"CVE-2018-7821","description":"An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2019-05-22 20:29:00","updated_at":"2022-01-31 20:47:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/","name":"https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Notification - Modicon M221 | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-7821","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7821","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"7821","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"somachine_basic","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"somachine_basic","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"se","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"se","cpe5":"modicon_m221_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7821","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"se","cpe5":"somachine_basic","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-7821","qid":"591089","title":"Schneider Electric Modicon M221 Multiple Vulnerabilities (SEVD-2019-045-01)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2018-7821","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"SoMachine Basic and Modicon M221, SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0","version":{"version_data":[{"version_value":"SoMachine Basic and Modicon M221, SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Multiple Vulnerabilities"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/","url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/"}]},"description":{"description_data":[{"lang":"eng","value":"An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated."}]}},"nvd":{"publishedDate":"2019-05-22 20:29:00","lastModifiedDate":"2022-01-31 20:47:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.0.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"7821","Ordinal":"124135","Title":"CVE-2018-7821","CVE":"CVE-2018-7821","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"7821","Ordinal":"1","NoteData":"An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"7821","Ordinal":"2","NoteData":"2019-05-22","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"7821","Ordinal":"3","NoteData":"2019-05-22","Type":"Other","Title":"Modified"}]}}}