First published: Fri Dec 11 2020(Updated: )
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Modicon M221 Firmware | ||
Schneider-electric Modicon M221 | ||
Schneider Electric Modicon M221 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-28214 is a vulnerability in Modicon M221 that allows an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables.
The CVE-2020-28214 vulnerability in Modicon M221 could allow an attacker to disable the protection of the device by predicting the hash value using rainbow tables.
CVE-2020-28214 has a severity score of 5.5, which is considered medium.
To fix the CVE-2020-28214 vulnerability in Modicon M221, it is recommended to update to the latest firmware version provided by Schneider-electric.
You can find more information about CVE-2020-28214 on the official Schneider-electric website and the US-CERT advisory.