CVE-2018-7798 - OpenCVE

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Modicon M221 Somachine Basic

Configuration 1 [-]

AND

cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105970
https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2018-11-02T17:00:00

Updated: 2024-08-05T06:37:59.359Z

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7798

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-11-02T17:29:00.680

Modified: 2022-01-31T20:31:39.940

Link: CVE-2018-7798

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Modicon M221, All Versions", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "Modicon M221, All Versions"}]}], "datePublic": "2018-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Verification of Data Authenticity", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-21T10:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"name": "105970", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105970"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7798", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M221, All Versions", "version": {"version_data": [{"version_value": "Modicon M221, All Versions"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Verification of Data Authenticity"}]}]}, "references": {"reference_data": [{"name": "105970", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105970"}, {"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.359Z"}, "title": "CVE Program Container", "references": [{"name": "105970", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105970"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7798", "datePublished": "2018-11-02T17:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BCEA269-6242-41FD-B141-F72CAFC8F114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB0D83F4-B718-47AB-AFB8-B576CB138AAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}, {"lang": "es", "value": "Existe una vulnerabilidad de verificaci\u00f3n insuficiente de autenticidad de datos (CWE-345) en Modicon Modicon M221, todas las versiones, lo que podr\u00eda provocar un cambio en la configuraci\u00f3n IPv4 (direcci\u00f3n IP, m\u00e1scara y puerta de enlace) al conectarse remotamente al dispositivo."}], "id": "CVE-2018-7798", "lastModified": "2022-01-31T20:31:39.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-02T17:29:00.680", "references": [{"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105970"}, {"source": "cybersecurity@se.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}