Cleartext Transmission Vulnerability in Modicon Controllers by Schneider Electric
CVE-2020-7488

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Machine Expert (all Versions)somachine, Somachine Motion (all Versions)modicon M218 Logic Controller (all Versions)modicon M241 Logic Controller (all Versions)modicon M251 Logic Controller (all Versions)modicon M258 Logic Controller (all Versions)
Vendor: CVE Published:; 22 April 2020

Summary

A vulnerability in Modicon Controllers manufactured by Schneider Electric allows for the transmission of sensitive information in cleartext. This could potentially lead to unauthorized disclosure of critical data exchanged between the software and the controllers. Affected devices include the Modicon M218, M241, M251, and M258. Mitigating this risk involves using secure communication protocols to ensure the protection of sensitive information.

Affected Version(s)

EcoStruxure Machine Expert (all )SoMachine, SoMachine Motion (all )Modicon M218 Logic Controller (all )Modicon M241 Logic Controller (all )Modicon M251 Logic Controller (all )Modicon M258 Logic Controller (all ) EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-105-02

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2020
Vulnerability Reserved
Jan 21, 2020