Security Advisory

Schneider Electric SoMachine Basic software, M221, M241, AND M2** PLCS

Risk Information

Immediate Action

CVE ID

CVE-2018-7821

CVE-2018-7822

CVE-2018-7823

Vunerability Type

Incorrect Default Permissions

Missing Authentication for Critical Function

Unauthenticated Configuration

CVSS3 Score

7.5

5.5

5.3

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SoMachine Basic: v1.6SP2

Modicon M221: v1.5.0.0

Modicon M241: v4.0.6.38

Schneider Electric has not yet produced a patch to address all the issues mentioned.

08/09/2019