SchneiderCVE-2018-7822CVE-2018-7822
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
17.1%
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | somachine_basic | * | cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:* |
| schneider-electric | modicon_m221_firmware | * | cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicon_m221 | - | cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "SoMachine Basic and Modicon M221, SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoMachine Basic and Modicon M221, SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0"
}
]
}
]Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
17.1%