CVE-2018-7822

Published: May 22, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.

Affected (2)

Products: Schneider Electric: Somachine Basic, Modicon M221 Firmware

Schneider Electric

2 products

Somachine Basic

Modicon M221 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Somachine Basic	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M221 Firmware	Before 1.10.0.0

Running on/with	Platform Versions
Schneider Electric Modicon M221	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.