PT-2018-1524 · Schneider Electric · Modicon M221

Published: 2018-07-30 · Updated: 2026-05-29 · CVE-2018-7791

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Modicon M221 versions prior to V1.6.2.0

Description

A Permissions, Privileges, and Access Control issue exists, allowing unauthorized users to overwrite the original password with their own. This could enable an attacker to upload the original program from the PLC if the vulnerability is exploited. The issue is caused by weaknesses in the authentication procedure, which can be exploited remotely to rewrite passwords.

Recommendations

For versions prior to V1.6.2.0, update the firmware to V1.6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the PLC to minimize the risk of exploitation. Avoid using the device remotely until the issue is resolved by updating the firmware.

Fix

Improper Authentication

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2018-01079
CVE-2018-7791

Affected Products

Modicon M221