Modicon M221
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6030 | Med | 0.42 | 6.5 | 0.00 | Jun 30, 2017 | A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version… | ||
| CVE-2020-28214 | 0.00 | — | 0.00 | Dec 11, 2020 | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection… | |||
| CVE-2020-7567 | 0.00 | — | 0.00 | Nov 19, 2020 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221… | |||
| CVE-2020-7566 | 0.00 | — | 0.00 | Nov 19, 2020 | A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221… | |||
| CVE-2020-7565 | 0.00 | — | 0.00 | Nov 19, 2020 | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221… | |||
| CVE-2019-6820 | 0.00 | — | 0.00 | May 22, 2019 | A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200,… | |||
| CVE-2018-7823 | 0.00 | — | 0.00 | May 22, 2019 | A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message. | |||
| CVE-2018-7822 | 0.00 | — | 0.00 | May 22, 2019 | An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting… | |||
| CVE-2018-7821 | 0.00 | — | 0.01 | May 22, 2019 | An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. | |||
| CVE-2018-7798 | 0.00 | — | 0.00 | Nov 2, 2018 | A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | |||
| CVE-2018-7791 | 0.00 | — | 0.00 | Aug 29, 2018 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an… | |||
| CVE-2018-7790 | 0.00 | — | 0.02 | Aug 29, 2018 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability… | |||
| CVE-2018-7792 | 0.00 | — | 0.00 | Aug 29, 2018 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table. | |||
| CVE-2018-7789 | 0.00 | — | 0.01 | Aug 29, 2018 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted… |
- risk 0.42cvss 6.5epss 0.00
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version…
- CVE-2020-28214Dec 11, 2020risk 0.00cvss —epss 0.00
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection…
- CVE-2020-7567Nov 19, 2020risk 0.00cvss —epss 0.00
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…
- CVE-2020-7566Nov 19, 2020risk 0.00cvss —epss 0.00
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…
- CVE-2020-7565Nov 19, 2020risk 0.00cvss —epss 0.00
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…
- CVE-2019-6820May 22, 2019risk 0.00cvss —epss 0.00
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200,…
- CVE-2018-7823May 22, 2019risk 0.00cvss —epss 0.00
A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message.
- CVE-2018-7822May 22, 2019risk 0.00cvss —epss 0.00
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting…
- CVE-2018-7821May 22, 2019risk 0.00cvss —epss 0.01
An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.
- CVE-2018-7798Nov 2, 2018risk 0.00cvss —epss 0.00
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
- CVE-2018-7791Aug 29, 2018risk 0.00cvss —epss 0.00
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an…
- CVE-2018-7790Aug 29, 2018risk 0.00cvss —epss 0.02
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability…
- CVE-2018-7792Aug 29, 2018risk 0.00cvss —epss 0.00
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.
- CVE-2018-7789Aug 29, 2018risk 0.00cvss —epss 0.01
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted…