FixVibe

// discovery / spotlight

Schneider Modicon M221 Firmware Advisory

PLC firmware evidence should drive patch and segmentation review, not reboot or authentication replay tests.

Il gancio

Modicon M221 controllers are operational technology assets, so a public firmware signal carries a different risk profile than a normal web-app banner. CVE-2018-7789 and CVE-2018-7790 apply to Modicon M221 firmware versions prior to V1.6.2.0 and describe remote reboot plus authentication replay risk for attackers who can connect to the PLC.

Come funziona

The check stays passive. It requires target-specific HTTP evidence for Modicon M221 plus a firmware-version label below V1.6.2.0, suppresses advisory/documentation pages, and records what was observed. It does not send programming-protocol frames, query Modbus, trigger reboots, capture or replay credentials, authenticate to the controller, upload PLC programs, or prove unauthorized access.

Il raggio d'azione

If a real Modicon M221 controller with affected firmware is reachable from untrusted networks, the vendor and NVD advisory context should drive urgent firmware validation, management-interface restriction, and log review. The result is a critical version-based advisory, not proof that FixVibe reproduced reboot or replay behavior.

// cosa controlla fixvibe

Cosa controlla FixVibe

FixVibe maps externally visible application surfaces with passive signals and safe metadata checks. Reports summarize the exposed surface and remediation priorities. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

Difese a prova di bomba

Upgrade Modicon M221 firmware to V1.6.2.0 or later, verify the running firmware directly from trusted controller inventory or Schneider-supported tooling, block remote/external access to industrial management ports such as TCP/502, disable unused protocols including programming protocol where possible, and restrict management to trusted industrial networks or VPN.

// run it on your own app

Continua a spedire mentre FixVibe vigila per te.

FixVibe mette sotto pressione la superficie pubblica della tua app come farebbe un attaccante — senza agent, senza installazione, senza carta. Continuiamo a studiare nuovi pattern di vulnerabilità e li trasformiamo in controlli pratici e fix pronti da incollare in Cursor, Claude e Copilot.

Discovery
142
test eseguiti in questa categoria
modules
23
controlli dedicati a discovery
ogni scansione
487+
test su tutte le categorie
  • Gratis — senza carta di credito, senza installazione, senza ping su Slack
  • Incolla un URL — pensiamo noi a crawl, sonde e report
  • Risultati classificati in base alla gravità, deduplicati solo per segnalare
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
Esegui una scansione gratuita

// latest checks · practical fixes · ship with confidence

Schneider Modicon M221 Firmware Advisory — Vulnerabilità in primo piano | FixVibe · FixVibe