Vulnerability Details CVE-2018-7798
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 6.4
References
Products affected by CVE-2018-7798
-
cpe:2.3:a:schneider-electric:somachine_basic:-
-
cpe:2.3:a:schneider-electric:somachine_basic:1.0
-
cpe:2.3:a:schneider-electric:somachine_basic:1.1
-
cpe:2.3:a:schneider-electric:somachine_basic:1.2
-
cpe:2.3:a:schneider-electric:somachine_basic:1.3
-
cpe:2.3:a:schneider-electric:somachine_basic:1.4
-
cpe:2.3:a:schneider-electric:somachine_basic:1.5
-
cpe:2.3:a:schneider-electric:somachine_basic:1.5.0.1
-
cpe:2.3:a:schneider-electric:somachine_basic:1.6
-
cpe:2.3:h:schneider-electric:modicon_m221:-