BID:105970

Schneider Electric Modicon M221 CVE-2018-7798 Remote Security Bypass Vulnerability

CVE-2018-7798 |

Info

Schneider Electric Modicon M221 CVE-2018-7798 Remote Security Bypass Vulnerability

Bugtraq ID:	105970
Class:	Input Validation Error
CVE:	CVE-2018-7798
Remote:	Yes
Local:	No
Published:	Nov 20 2018 12:00AM
Updated:	Nov 20 2018 12:00AM
Credit:	Eran Goldstein of CRITIFENCE
Vulnerable:	Schneider-Electric Modicon M221 1.6.2.0 Schneider-Electric Modicon M221 1.5.0.1 Schneider-Electric Modicon M221 1.5.0.0

Not Vulnerable:

Discussion

Schneider Electric Modicon M221 CVE-2018-7798 Remote Security Bypass Vulnerability

Schneider Electric Modicon M221 is prone to a remote security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Exploit / POC

Schneider Electric Modicon M221 CVE-2018-7798 Remote Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Schneider Electric Modicon M221 CVE-2018-7798 Remote Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Schneider Electric Modicon M221 CVE-2018-7798 Remote Security Bypass Vulnerability

References:

Schneider Electric Homepage (Schneider Electric)
ICSA-18-324-02: Schneider Electric Modicon M221 (CERT)