Details of VAR-201905-1023

ID

VAR-201905-1023

CVE

CVE-2018-7821

TITLE

SoMachine Basic and Modicon M221 Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015485

DESCRIPTION

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. SoMachine Basic and Modicon M221 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Schneider Electric SoMachine Basic and Schneider Electric Modicon M221 are products of French Schneider Electric (Schneider Electric). Schneider Electric SoMachine Basic is a suite of software for programming logic controllers. Schneider Electric Modicon M221 is a programmable logic controller. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.8

sources: NVD: CVE-2018-7821 // JVNDB: JVNDB-2018-015485 // VULHUB: VHN-137853 // VULMON: CVE-2018-7821

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m221	scope:	lt	version:	1.10.0.0	Trust: 1.8
vendor:	schneider electric	model:	somachine basic	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	somachine basic	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015485 // NVD: CVE-2018-7821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7821
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7821
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-905
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137853
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-7821
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7821
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-137853
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7821
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-7821
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-137853 // VULMON: CVE-2018-7821 // JVNDB: JVNDB-2018-015485 // CNNVD: CNNVD-201905-905 // NVD: CVE-2018-7821

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-137853 // JVNDB: JVNDB-2018-015485 // NVD: CVE-2018-7821

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-905

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-905

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015485

PATCH

title:	SEVD-2019-045-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/	Trust: 0.8
title:	Schneider Electric SoMachine Basic and Modicon M221 Remediation measures for environmental problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92883	Trust: 0.6
title:	CVE-2018-7821	url:	https://github.com/AlAIAL90/CVE-2018-7821	Trust: 0.1

sources: VULMON: CVE-2018-7821 // JVNDB: JVNDB-2018-015485 // CNNVD: CNNVD-201905-905

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7821	Trust: 2.6
db:	SCHNEIDER	id:	SEVD-2019-045-01	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-015485	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-905	Trust: 0.7
db:	VULHUB	id:	VHN-137853	Trust: 0.1
db:	VULMON	id:	CVE-2018-7821	Trust: 0.1

sources: VULHUB: VHN-137853 // VULMON: CVE-2018-7821 // JVNDB: JVNDB-2018-015485 // CNNVD: CNNVD-201905-905 // NVD: CVE-2018-7821

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2019-045-01/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7821	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7821	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/770.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2018-7821	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-137853 // VULMON: CVE-2018-7821 // JVNDB: JVNDB-2018-015485 // CNNVD: CNNVD-201905-905 // NVD: CVE-2018-7821

SOURCES

db:	VULHUB	id:	VHN-137853
db:	VULMON	id:	CVE-2018-7821
db:	JVNDB	id:	JVNDB-2018-015485
db:	CNNVD	id:	CNNVD-201905-905
db:	NVD	id:	CVE-2018-7821

LAST UPDATE DATE

2024-11-23T22:12:01.338000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-137853	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2018-7821	date:	2021-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-015485	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-905	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2018-7821	date:	2024-11-21T04:12:47.533

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-137853	date:	2019-05-22T00:00:00
db:	VULMON	id:	CVE-2018-7821	date:	2019-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-015485	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-905	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7821	date:	2019-05-22T20:29:01.043