Sensitive Information Exposure in Modicon M221 by Schneider Electric
CVE-2020-7568

4.3MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Modicon M221, All References, All Versions
Vendor: CVE Published:; 19 November 2020

Summary

An exposure of sensitive information vulnerability exists in Modicon M221, allowing attackers to gain access to non-sensitive information by capturing the communication traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller. This vulnerability could facilitate unauthorized actors in acquiring information that is not typically meant for public access, potentially leading to further security breaches or targeted attacks.

Affected Version(s)

Modicon M221, all references, all Modicon M221, all references, all versions

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-05/

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2020
Vulnerability Reserved
Jan 21, 2020