Vulnerabilities > Schneider Electric > Modicon M221 Firmware > High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-22	CVE-2020-7489	Injection vulnerability in Schneider-Electric products A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). network low complexity schneider-electric CWE-74	7.5
2018-08-29	CVE-2018-7791	Improper Authentication vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). network low complexity schneider-electric CWE-287	7.5
2018-08-29	CVE-2018-7790	Authentication Bypass by Capture-replay vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). network low complexity schneider-electric CWE-294	7.5
2018-08-29	CVE-2018-7789	Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). network low complexity schneider-electric CWE-754	7.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.