CVE-2020-7568: Infoleak
First published: Thu Nov 19 2020(Updated: )
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon M221 Firmware | ||
| Schneider-electric Modicon M221 | ||
| Schneider Electric Modicon M221 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-7568.
What is the severity of the vulnerability?
The severity of the vulnerability is medium with a severity value of 4.3.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-200.
Which software is affected by this vulnerability?
The Schneider-electric Modicon M221 Firmware and Modicon M221 software are both affected by this vulnerability.
How can this vulnerability be fixed?
To fix this vulnerability, it is recommended to update to a patched version of the Modicon M221 software.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/severity
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric modicon m221 firmware
- canonical/schneider-electric modicon m221
- vendor/schneider electric
- canonical/schneider electric modicon m221