Skip to main content
Security Advisory

Schneider Electric SoMachine Basic software, M221, M241, AND M2** PLCS

Restrict access to UDP/27127 and TCP/502 on all Schneider Modicon PLCs, and ensure that SoMachine Basic workstations prevent remote access to TCP/27699, and TCP/27700+ (sequential ports dependent upon the number of serial ports that the workstation has available).

Risk Information

affected product:

SoMachine Basic: v1.6SP2, Modicon M221: v1.5.0.0, Modicon M241: v4.0.6.38

Immediate Action

CVE ID

CVE-2018-7821

CVE-2018-7822

CVE-2018-7823

ID

CVE-2018-7821

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/A

CVSSV3 vector

N/A

Affecting

  • SoMachine Basic: v1.6SP2, Modicon M221: v1.5.0.0, Modicon M241: v4.0.6.38
  • Vulnerability Type

    Incorrect Default Permissions

    Missing Authentication for Critical Function

    Unauthenticated Configuration

    Disclosure Timeline

    08/09/2019 - Dragos discloses issue