Details of VAR-201808-0963

ID

VAR-201808-0963

CVE

CVE-2018-7791

TITLE

Schneider Electric Modicon M221 Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009998

DESCRIPTION

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC. The Modicon M221 is a logic controller from Schneider Electric. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Trust: 2.7

sources: NVD: CVE-2018-7791 // JVNDB: JVNDB-2018-009998 // CNVD: CNVD-2019-06190 // BID: 105182 // IVD: 159a5f16-67eb-4cc8-8569-ab9f24f77f20 // VULHUB: VHN-137823

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 159a5f16-67eb-4cc8-8569-ab9f24f77f20 // CNVD: CNVD-2019-06190

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m221	scope:	lt	version:	1.6.2.0	Trust: 1.8
vendor:	schneider	model:	electric modicon m221	scope:	lt	version:	1.6.2.0	Trust: 0.6
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	1.1.1.5	Trust: 0.6
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	1.5.0.0	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	ne	version:	1.6.2.0	Trust: 0.3
vendor:	modicon m221	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 159a5f16-67eb-4cc8-8569-ab9f24f77f20 // CNVD: CNVD-2019-06190 // BID: 105182 // JVNDB: JVNDB-2018-009998 // CNNVD: CNNVD-201808-908 // NVD: CVE-2018-7791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7791
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-7791
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-06190
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201808-908
value:	CRITICAL
Trust: 0.6
IVD:	159a5f16-67eb-4cc8-8569-ab9f24f77f20
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-137823
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-7791
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-06190
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	159a5f16-67eb-4cc8-8569-ab9f24f77f20
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137823
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7791
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-7791
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 159a5f16-67eb-4cc8-8569-ab9f24f77f20 // CNVD: CNVD-2019-06190 // VULHUB: VHN-137823 // JVNDB: JVNDB-2018-009998 // CNNVD: CNNVD-201808-908 // NVD: CVE-2018-7791

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9
problemtype:	CWE-862	Trust: 0.1

sources: VULHUB: VHN-137823 // JVNDB: JVNDB-2018-009998 // NVD: CVE-2018-7791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-908

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201808-908

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009998

PATCH

title:	SEVD-2018-235-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/	Trust: 0.8
title:	SchneiderElectricModiconM221 patch for permission and access control vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/155257	Trust: 0.6
title:	Schneider Electric Modicon M221 Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100301	Trust: 0.6

sources: CNVD: CNVD-2019-06190 // JVNDB: JVNDB-2018-009998 // CNNVD: CNNVD-201808-908

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7791	Trust: 3.6
db:	BID	id:	105182	Trust: 2.0
db:	ICS CERT	id:	ICSA-18-240-01	Trust: 1.7
db:	SCHNEIDER	id:	SEVD-2018-235-01	Trust: 1.7
db:	CNVD	id:	CNVD-2019-06190	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-908	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-009998	Trust: 0.8
db:	IVD	id:	159A5F16-67EB-4CC8-8569-AB9F24F77F20	Trust: 0.2
db:	VULHUB	id:	VHN-137823	Trust: 0.1

sources: IVD: 159a5f16-67eb-4cc8-8569-ab9f24f77f20 // CNVD: CNVD-2019-06190 // VULHUB: VHN-137823 // BID: 105182 // JVNDB: JVNDB-2018-009998 // CNNVD: CNNVD-201808-908 // NVD: CVE-2018-7791

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-240-01	Trust: 1.7
url:	http://www.securityfocus.com/bid/105182	Trust: 1.7
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-235-01/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7791	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7791	Trust: 0.8
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3

sources: CNVD: CNVD-2019-06190 // VULHUB: VHN-137823 // BID: 105182 // JVNDB: JVNDB-2018-009998 // CNNVD: CNNVD-201808-908 // NVD: CVE-2018-7791

CREDITS

Irfan Ahmed, Sushma Kalle, and Nehal Ameen of the University of New Orleans, Hyunguk Yoo

Trust: 0.6

sources: CNNVD: CNNVD-201808-908

SOURCES

db:	IVD	id:	159a5f16-67eb-4cc8-8569-ab9f24f77f20
db:	CNVD	id:	CNVD-2019-06190
db:	VULHUB	id:	VHN-137823
db:	BID	id:	105182
db:	JVNDB	id:	JVNDB-2018-009998
db:	CNNVD	id:	CNNVD-201808-908
db:	NVD	id:	CVE-2018-7791

LAST UPDATE DATE

2024-11-23T21:52:51.021000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-06190	date:	2019-03-06T00:00:00
db:	VULHUB	id:	VHN-137823	date:	2019-10-03T00:00:00
db:	BID	id:	105182	date:	2018-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-009998	date:	2019-01-08T00:00:00
db:	CNNVD	id:	CNNVD-201808-908	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2018-7791	date:	2024-11-21T04:12:44.530

SOURCES RELEASE DATE

db:	IVD	id:	159a5f16-67eb-4cc8-8569-ab9f24f77f20	date:	2019-03-06T00:00:00
db:	CNVD	id:	CNVD-2019-06190	date:	2019-03-06T00:00:00
db:	VULHUB	id:	VHN-137823	date:	2018-08-29T00:00:00
db:	BID	id:	105182	date:	2018-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-009998	date:	2018-12-04T00:00:00
db:	CNNVD	id:	CNNVD-201808-908	date:	2018-08-29T00:00:00
db:	NVD	id:	CVE-2018-7791	date:	2018-08-29T21:29:01.180