CVE-2018-7798 - Vulnerability Details - OpenCVE

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Schneider-electric	Modicon M221 Somachine Basic

Configuration 1 [-]

AND

cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105970
https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/

History

Fri, 29 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2018-11-02T17:00:00.000Z

Updated: 2026-05-29T14:09:12.112Z

Reserved: 2018-03-08T00:00:00.000Z

Link: CVE-2018-7798

Vulnrichment

Updated: 2024-08-05T06:37:59.359Z

NVD

Status : Modified

Published: 2018-11-02T17:29:00.680

Modified: 2026-05-29T15:16:16.993

Link: CVE-2018-7798

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Modicon M221, All Versions", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "Modicon M221, All Versions"}]}], "datePublic": "2018-11-02T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Verification of Data Authenticity", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-21T10:57:01.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"name": "105970", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105970"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7798", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M221, All Versions", "version": {"version_data": [{"version_value": "Modicon M221, All Versions"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Verification of Data Authenticity"}]}]}, "references": {"reference_data": [{"name": "105970", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105970"}, {"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.359Z"}, "title": "CVE Program Container", "references": [{"name": "105970", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105970"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T14:08:28.530951Z", "id": "CVE-2018-7798", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T14:09:12.112Z"}}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7798", "datePublished": "2018-11-02T17:00:00.000Z", "dateReserved": "2018-03-08T00:00:00.000Z", "dateUpdated": "2026-05-29T14:09:12.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/105970", "name": "105970", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.359Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-7798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-29T14:08:28.530951Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T14:09:00.678Z"}}], "cna": {"affected": [{"vendor": "Schneider Electric SE", "product": "Modicon M221, All Versions", "versions": [{"status": "affected", "version": "Modicon M221, All Versions"}]}], "datePublic": "2018-11-02T00:00:00.000Z", "references": [{"url": "http://www.securityfocus.com/bid/105970", "name": "105970", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2018-11-21T10:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Modicon M221, All Versions"}]}, "product_name": "Modicon M221, All Versions"}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/105970", "name": "105970", "refsource": "BID"}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/", "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Verification of Data Authenticity"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-7798", "STATE": "PUBLIC", "ASSIGNER": "cybersecurity@schneider-electric.com"}}}}, "cveMetadata": {"cveId": "CVE-2018-7798", "state": "PUBLISHED", "dateUpdated": "2026-05-29T14:09:12.112Z", "dateReserved": "2018-03-08T00:00:00.000Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2018-11-02T17:00:00.000Z", "assignerShortName": "schneider"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BCEA269-6242-41FD-B141-F72CAFC8F114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB0D83F4-B718-47AB-AFB8-B576CB138AAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."}, {"lang": "es", "value": "Existe una vulnerabilidad de verificaci\u00f3n insuficiente de autenticidad de datos (CWE-345) en Modicon Modicon M221, todas las versiones, lo que podr\u00eda provocar un cambio en la configuraci\u00f3n IPv4 (direcci\u00f3n IP, m\u00e1scara y puerta de enlace) al conectarse remotamente al dispositivo."}], "id": "CVE-2018-7798", "lastModified": "2026-05-29T15:16:16.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-11-02T17:29:00.680", "references": [{"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105970"}, {"source": "cybersecurity@se.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}