CVE-2020-7567

MEDIUM

Schneider-electric Modicon M221 Firmware - Missing Encryption

Title source: rule

Description

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.

References (2)

[Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2020-315-05/

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04

Scores

CVSS v3 5.7

EPSS 0.0002

EPSS Percentile 5.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (1)

schneider-electric/modicon_m221_firmware

Published Nov 19, 2020

Tracked Since Feb 18, 2026