ID

VAR-202011-1277


CVE

CVE-2020-7566


TITLE

Modicon M221 Insufficient random value vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013653

DESCRIPTION

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 is vulnerable to inadequate random values. Information may be obtained and information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2020-7566 // JVNDB: JVNDB-2020-013653 // VULMON: CVE-2020-7566

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon m221, scope: eq, version: -

Trust: 1.8

vendor: schneider electric, model: modicon m221, scope: eq, version: modicon m221 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-013653 // NVD: CVE-2020-7566

CVSS

SEVERITY

NVD: CVE-2020-7566
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202011-1672
value: HIGH

Trust: 0.6

VULMON: CVE-2020-7566
value: MEDIUM

Trust: 0.1

CVSSV2

VULMON: CVE-2020-7566
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

NVD: CVE-2020-7566
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-7566
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-7566 // JVNDB: JVNDB-2020-013653 // CNNVD: CNNVD-202011-1672 // NVD: CVE-2020-7566

PROBLEMTYPE DATA

problemtype:CWE-334

Trust: 1.0

problemtype:Insufficient random value (CWE-334) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013653 // NVD: CVE-2020-7566

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1672

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1672

CONFIGURATIONS

sources: NVD: CVE-2020-7566

PATCH

title: SEVD-2020-315-05, url: https://www.se.com/ww/en/download/document/sevd-2020-315-05/

Trust: 0.8

title: Schneider Electric Modicon M221 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135519

Trust: 0.6

title: CVE-2020-7566, url: https://github.com/alaial90/cve-2020-7566

Trust: 0.1

sources: VULMON: CVE-2020-7566 // JVNDB: JVNDB-2020-013653 // CNNVD: CNNVD-202011-1672

EXTERNAL IDS

db: ICS CERT, id: ICSA-20-343-04

Trust: 2.5

db: NVD, id: CVE-2020-7566

Trust: 2.5

db: SCHNEIDER, id: SEVD-2020-315-05

Trust: 1.7

db: JVN, id: JVNVU91936841

Trust: 0.8

db: JVNDB, id: JVNDB-2020-013653

Trust: 0.8

db: CNNVD, id: CNNVD-202011-1672

Trust: 0.6

db: VULMON, id: CVE-2020-7566

Trust: 0.1

sources: VULMON: CVE-2020-7566 // JVNDB: JVNDB-2020-013653 // CNNVD: CNNVD-202011-1672 // NVD: CVE-2020-7566

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-315-05/

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-7566

Trust: 1.4

url:https://jvn.jp/vu/jvnvu91936841/

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/334.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-7566

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-7566 // JVNDB: JVNDB-2020-013653 // CNNVD: CNNVD-202011-1672 // NVD: CVE-2020-7566

SOURCES

db: VULMON, id: CVE-2020-7566
db: JVNDB, id: JVNDB-2020-013653
db: CNNVD, id: CNNVD-202011-1672
db: NVD, id: CVE-2020-7566

LAST UPDATE DATE

2022-05-04T08:33:46.015000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-7566, date: 2021-08-19T00:00:00
db: JVNDB, id: JVNDB-2020-013653, date: 2021-07-09T06:22:00
db: CNNVD, id: CNNVD-202011-1672, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2020-7566, date: 2022-02-03T16:14:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-7566, date: 2020-11-19T00:00:00
db: JVNDB, id: JVNDB-2020-013653, date: 2021-07-09T00:00:00
db: CNNVD, id: CNNVD-202011-1672, date: 2020-11-19T00:00:00
db: NVD, id: CVE-2020-7566, date: 2020-11-19T22:15:00