Details of VAR-201905-1025

ID

VAR-201905-1025

CVE

CVE-2018-7823

TITLE

Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-45190 // CNNVD: CNNVD-201905-907

DESCRIPTION

A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message. SoMachine Basic and Modicon M221 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are both products of Schneider Electric. Schneider Electric SoMachine Basic is a software for logic controller programming. Schneider Electric Modicon M221 is a programmable logic controller. The vulnerability stems from network systems or products that did not properly validate the input data

Trust: 2.52

sources: NVD: CVE-2018-7823 // JVNDB: JVNDB-2018-015487 // CNVD: CNVD-2019-45190 // IVD: 2a8b3bb6-fdeb-453a-961b-395292a4e841 // VULHUB: VHN-137855 // VULMON: CVE-2018-7823

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2a8b3bb6-fdeb-453a-961b-395292a4e841 // CNVD: CNVD-2019-45190

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m221	scope:	lt	version:	1.10.0.0	Trust: 1.8
vendor:	schneider electric	model:	somachine basic	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	somachine basic	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m221	scope:	lt	version:	v1.10.0.0	Trust: 0.6
vendor:	schneider	model:	electric somachine basic	scope:	-	version:	-	Trust: 0.6
vendor:	somachine basic	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon m221	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 2a8b3bb6-fdeb-453a-961b-395292a4e841 // CNVD: CNVD-2019-45190 // JVNDB: JVNDB-2018-015487 // NVD: CVE-2018-7823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7823
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7823
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-45190
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-907
value:	MEDIUM
Trust: 0.6
IVD:	2a8b3bb6-fdeb-453a-961b-395292a4e841
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-137855
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-7823
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7823
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-45190
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2a8b3bb6-fdeb-453a-961b-395292a4e841
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137855
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7823
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-7823
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 2a8b3bb6-fdeb-453a-961b-395292a4e841 // CNVD: CNVD-2019-45190 // VULHUB: VHN-137855 // VULMON: CVE-2018-7823 // JVNDB: JVNDB-2018-015487 // CNNVD: CNNVD-201905-907 // NVD: CVE-2018-7823

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-137855 // JVNDB: JVNDB-2018-015487 // NVD: CVE-2018-7823

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-907

TYPE

Input validation error

Trust: 0.8

sources: IVD: 2a8b3bb6-fdeb-453a-961b-395292a4e841 // CNNVD: CNNVD-201905-907

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015487

PATCH

title:	SEVD-2019-045-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/	Trust: 0.8
title:	Patch for Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/194041	Trust: 0.6
title:	Schneider Electric SoMachine Basic and Modicon M221 Remediation measures for environmental problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92885	Trust: 0.6

sources: CNVD: CNVD-2019-45190 // JVNDB: JVNDB-2018-015487 // CNNVD: CNNVD-201905-907

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7823	Trust: 3.4
db:	SCHNEIDER	id:	SEVD-2019-045-01	Trust: 1.8
db:	CNNVD	id:	CNNVD-201905-907	Trust: 0.9
db:	CNVD	id:	CNVD-2019-45190	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-015487	Trust: 0.8
db:	IVD	id:	2A8B3BB6-FDEB-453A-961B-395292A4E841	Trust: 0.2
db:	VULHUB	id:	VHN-137855	Trust: 0.1
db:	VULMON	id:	CVE-2018-7823	Trust: 0.1

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-7823	Trust: 2.0
url:	https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7823	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-45190 // VULHUB: VHN-137855 // VULMON: CVE-2018-7823 // JVNDB: JVNDB-2018-015487 // CNNVD: CNNVD-201905-907 // NVD: CVE-2018-7823

SOURCES

db:	IVD	id:	2a8b3bb6-fdeb-453a-961b-395292a4e841
db:	CNVD	id:	CNVD-2019-45190
db:	VULHUB	id:	VHN-137855
db:	VULMON	id:	CVE-2018-7823
db:	JVNDB	id:	JVNDB-2018-015487
db:	CNNVD	id:	CNNVD-201905-907
db:	NVD	id:	CVE-2018-7823

LAST UPDATE DATE

2024-11-23T22:12:01.367000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-45190	date:	2019-12-13T00:00:00
db:	VULHUB	id:	VHN-137855	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2018-7823	date:	2022-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-015487	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-907	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2018-7823	date:	2024-11-21T04:12:47.787

SOURCES RELEASE DATE

db:	IVD	id:	2a8b3bb6-fdeb-453a-961b-395292a4e841	date:	2019-12-13T00:00:00
db:	CNVD	id:	CNVD-2019-45190	date:	2019-12-13T00:00:00
db:	VULHUB	id:	VHN-137855	date:	2019-05-22T00:00:00
db:	VULMON	id:	CVE-2018-7823	date:	2019-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-015487	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-907	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7823	date:	2019-05-22T20:29:01.120