Vulnerabilities > Schneider Electric > Modicon M221 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-7489 Injection vulnerability in Schneider-Electric products
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification).
network
low complexity
schneider-electric CWE-74
critical
 9.8
9.8
2018-08-29 CVE-2018-7790 Authentication Bypass by Capture-replay vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-294
critical
 9.8
9.8
2018-08-29 CVE-2018-7791 Improper Authentication vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-287
critical
 9.8
9.8