CVE-2018-7798

Summary

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SEModicon M221, All VersionsModicon M221, All Versionsaffected

Weaknesses

  • Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References