Schneider Modicon M221 Hole Fixed

Tuesday, August 28, 2018 @ 05:08 PM gHale

Schneider Electric fixed an improper check for unusual or exceptional conditions vulnerability in its Modicon M221, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Yehonatan Kfir of Radiflow who worked with Schneider on the vulnerability, could allow an unauthorized user to remotely reboot the device.

Schneider Fills PowerLogic Hole
ABB Fix Coming for eSOMS
BD Mitigates Hole in Alaris Plus
Mitigations for Philips’ Monitoring System

A programmable logic controller (PLC), Modicon M221 all references and versions prior to firmware v1.6.2.0 suffer from the issue.

The vulnerability may allow unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.

CVE-2018-7789 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.8.

The product sees action mainly in the commercial facilities sector. It also sees use on a global basis.

No known public exploits specifically target this vulnerability. High skill level is needed to exploit.

Schneider Electric reports that a fix for this vulnerability is implemented in Modicon M221 Firmware v1.6.2.0, delivered within SoMachine Basic v1.6 SP2, or by using the Schneider Electric Software Update tool.

Click here for the download for SoMachine Basic.

For more information, see the Schneider Electric security notification.

Leave a Reply

You must be logged in to post a comment.