FixVibe

// 探索 / 聚焦

Schneider Modicon M221 Firmware Advisory

PLC firmware evidence should drive patch and segmentation review, not reboot or authentication replay tests.

概要

Modicon M221 controllers are operational technology assets, so a public firmware signal carries a different risk profile than a normal web-app banner. CVE-2018-7789 and CVE-2018-7790 apply to Modicon M221 firmware versions prior to V1.6.2.0 and describe remote reboot plus authentication replay risk for attackers who can connect to the PLC.

工作原理

The check stays passive. It requires target-specific HTTP evidence for Modicon M221 plus a firmware-version label below V1.6.2.0, suppresses advisory/documentation pages, and records what was observed. It does not send programming-protocol frames, query Modbus, trigger reboots, capture or replay credentials, authenticate to the controller, upload PLC programs, or prove unauthorized access.

影响范围

If a real Modicon M221 controller with affected firmware is reachable from untrusted networks, the vendor and NVD advisory context should drive urgent firmware validation, management-interface restriction, and log review. The result is a critical version-based advisory, not proof that FixVibe reproduced reboot or replay behavior.

// fixvibe 如何检测

FixVibe 如何检测

FixVibe maps externally visible application surfaces with passive signals and safe metadata checks. Reports summarize the exposed surface and remediation priorities. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

铁壁防御

Upgrade Modicon M221 firmware to V1.6.2.0 or later, verify the running firmware directly from trusted controller inventory or Schneider-supported tooling, block remote/external access to industrial management ports such as TCP/502, disable unused protocols including programming protocol where possible, and restrict management to trusted industrial networks or VPN.

// 在你自己的应用上跑一遍

放心继续发布,FixVibe 持续帮你看守风险。

FixVibe 像攻击者一样对你的应用公开面进行压力测试 —— 无代理、无安装、无信用卡。我们持续研究新的漏洞模式,并把它们转化成实用检查和可直接用于 Cursor、Claude、Copilot 的修复方案。

探索
142
本类别中触发的测试
模块
23
专属 探索 检查
每次扫描
487+
跨所有类别的测试
  • 免费 —— 无需信用卡,无需安装,无需 Slack 通知
  • 只需粘贴 URL —— 我们爬取、探测、生成报告
  • 按严重程度分级,去重至只剩信号
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
运行免费扫描

// 最新检查 · 实用修复 · 安心发布

Schneider Modicon M221 Firmware Advisory — 漏洞聚焦 | FixVibe · FixVibe