Sign-up

ID

VAR-202011-1279


CVE

CVE-2020-7568


TITLE

Modicon M221  Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013654

DESCRIPTION

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-7568 // JVNDB: JVNDB-2020-013654

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon m221scope:eqversion: -

Trust: 1.8

vendor:schneider electricmodel:modicon m221scope:eqversion:modicon m221 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-013654 // NVD: CVE-2020-7568

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-7568
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202011-1673
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-7568
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2020-7568
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-7568
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013654 // CNNVD: CNNVD-202011-1673 // NVD: CVE-2020-7568

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013654 // NVD: CVE-2020-7568

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1673

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202011-1673

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-7568

PATCH
title:SEVD-2020-315-05url:https://www.se.com/ww/en/download/document/sevd-2020-315-05/
Trust: 0.8
title:Schneider Electric Modicon M221 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135520
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-013654 // 
            
            
            
            CNNVD: CNNVD-202011-1673

EXTERNAL IDS
db:ICS CERTid:ICSA-20-343-04
Trust: 2.4
db:NVDid:CVE-2020-7568
Trust: 2.4
db:SCHNEIDERid:SEVD-2020-315-05
Trust: 1.6
db:JVNid:JVNVU91936841
Trust: 0.8
db:JVNDBid:JVNDB-2020-013654
Trust: 0.8
db:CNNVDid:CNNVD-202011-1673
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-013654 // 
            
            
            
            CNNVD: CNNVD-202011-1673 // 
            
            
            
            NVD: CVE-2020-7568

REFERENCES
url:https://www.se.com/ww/en/download/document/sevd-2020-315-05/
Trust: 1.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-7568
Trust: 1.4
url:https://jvn.jp/vu/jvnvu91936841/
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04¥
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-013654 // 
            
            
            
            CNNVD: CNNVD-202011-1673 // 
            
            
            
            NVD: CVE-2020-7568

SOURCES
db:JVNDBid:JVNDB-2020-013654
db:CNNVDid:CNNVD-202011-1673
db:NVDid:CVE-2020-7568

LAST UPDATE DATE
2022-05-04T08:33:46.095000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-013654date:2021-07-09T06:22:00
db:CNNVDid:CNNVD-202011-1673date:2022-03-10T00:00:00
db:NVDid:CVE-2020-7568date:2022-02-04T16:09:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-013654date:2021-07-09T00:00:00
db:CNNVDid:CNNVD-202011-1673date:2020-11-19T00:00:00
db:NVDid:CVE-2020-7568date:2020-11-19T22:15:00