VYPR

Modicon M221

by Schneider Electric

CVEs (14)

  • CVE-2018-7791CriAug 29, 2018
    risk 0.64cvss 9.8epss 0.02

    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an…

  • CVE-2018-7790CriAug 29, 2018
    risk 0.64cvss 9.8epss 0.02

    An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability…

  • CVE-2018-7798HigNov 2, 2018
    risk 0.53cvss 8.2epss 0.01

    A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

  • CVE-2018-7821HigMay 22, 2019
    risk 0.49cvss 7.5epss 0.01

    An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

  • CVE-2019-10953HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2018-7792HigAug 29, 2018
    risk 0.49cvss 7.5epss 0.01

    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.

  • CVE-2018-7789HigAug 29, 2018
    risk 0.49cvss 7.5epss 0.03

    An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted…

  • CVE-2020-7566HigNov 19, 2020
    risk 0.47cvss 7.3epss 0.00

    A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…

  • CVE-2020-7565HigNov 19, 2020
    risk 0.47cvss 7.3epss 0.00

    A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…

  • CVE-2017-6030MedJun 30, 2017
    risk 0.42cvss 6.5epss 0.02

    A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version…

  • CVE-2020-7567MedNov 19, 2020
    risk 0.37cvss 5.7epss 0.00

    A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…

  • CVE-2020-28214MedDec 11, 2020
    risk 0.36cvss 5.5epss 0.01

    A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection…

  • CVE-2018-7822MedMay 22, 2019
    risk 0.36cvss 5.5epss 0.00

    An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting…

  • CVE-2020-7568MedNov 19, 2020
    risk 0.28cvss 4.3epss 0.01

    A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software…