CVE-2018-7822
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.
Existe una vulnerabilidad de permisos predeterminados incorrectos (CWE-276) en SoMachine Basic, todas las versiones, y Modicon M221 (todas las referencias, todas las versiones anteriores al firmware V1.10.0.0), que podrĂa generar un acceso no autorizado a los archivos de recursos de SoMachine Basic cuando se logean en el System Hosting de SoMachine Basic.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-08 CVE Reserved
- 2019-05-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01 | 2022-01-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M221 Firmware Search vendor "Schneider-electric" for product "Modicon M221 Firmware" | < 1.10.0.0 Search vendor "Schneider-electric" for product "Modicon M221 Firmware" and version " < 1.10.0.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M221 Search vendor "Schneider-electric" for product "Modicon M221" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Somachine Basic Search vendor "Schneider-electric" for product "Somachine Basic" | * | - |
Affected
| ||||||