ID

VAR-202011-1278


CVE

CVE-2020-7567


TITLE

Modicon M221  Vulnerability regarding lack of encryption of critical data in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013655

DESCRIPTION

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys. Modicon M221 There is a vulnerability in the lack of encryption of critical data.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-7567 // JVNDB: JVNDB-2020-013655

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon m221scope:eqversion: -

Trust: 1.8

vendor:schneider electricmodel:modicon m221scope:eqversion:modicon m221 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-013655 // NVD: CVE-2020-7567

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-7567
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202011-1674
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-7567
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2020-7567
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-7567
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013655 // CNNVD: CNNVD-202011-1674 // NVD: CVE-2020-7567

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:Lack of encryption of critical data (CWE-311) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013655 // NVD: CVE-2020-7567

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1674

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1674

CONFIGURATIONS

sources: NVD: CVE-2020-7567

PATCH

title:SEVD-2020-315-05url:https://www.se.com/ww/en/download/document/sevd-2020-315-05/

Trust: 0.8

title:Schneider Electric Modicon M221 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135521

Trust: 0.6

sources: JVNDB: JVNDB-2020-013655 // CNNVD: CNNVD-202011-1674

EXTERNAL IDS

db:ICS CERTid:ICSA-20-343-04

Trust: 2.4

db:NVDid:CVE-2020-7567

Trust: 2.4

db:SCHNEIDERid:SEVD-2020-315-05

Trust: 1.6

db:JVNid:JVNVU91936841

Trust: 0.8

db:JVNDBid:JVNDB-2020-013655

Trust: 0.8

db:CNNVDid:CNNVD-202011-1674

Trust: 0.6

sources: JVNDB: JVNDB-2020-013655 // CNNVD: CNNVD-202011-1674 // NVD: CVE-2020-7567

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-315-05/

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7567

Trust: 1.4

url:https://jvn.jp/vu/jvnvu91936841/

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04¥

Trust: 0.8

sources: JVNDB: JVNDB-2020-013655 // CNNVD: CNNVD-202011-1674 // NVD: CVE-2020-7567

SOURCES

db:JVNDBid:JVNDB-2020-013655
db:CNNVDid:CNNVD-202011-1674
db:NVDid:CVE-2020-7567

LAST UPDATE DATE

2022-05-04T08:33:46.040000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-013655date:2021-07-09T06:22:00
db:CNNVDid:CNNVD-202011-1674date:2022-03-10T00:00:00
db:NVDid:CVE-2020-7567date:2022-02-04T15:50:00

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-013655date:2021-07-09T00:00:00
db:CNNVDid:CNNVD-202011-1674date:2020-11-19T00:00:00
db:NVDid:CVE-2020-7567date:2020-11-19T22:15:00