PT-2019-1483 · Schneider Electric · Somachine Basic+1

Published

2019-02-14

Updated

2022-01-31

CVE-2018-7822

CVSS v2.0

6.6

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions SoMachine Basic versions prior to V1.10.0.0 Modicon M221 versions prior to V1.10.0.0

Description The issue is related to incorrect default permissions, which could allow an attacker to gain access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. This is due to improper default settings of access rights.

Recommendations For SoMachine Basic versions prior to V1.10.0.0, update to firmware V1.10.0.0 or later to resolve the issue. For Modicon M221 versions prior to V1.10.0.0, update to firmware V1.10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the system hosting SoMachine Basic to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

BDU:2019-00891

CVE-2018-7822

Affected Products

Modicon M221

Somachine Basic

PT-2019-1483 · Schneider Electric · Somachine Basic+1

CVE-2018-7822

Weakness Enumeration

Related Identifiers

Affected Products

References · 7