Bryon Kaan

**Name of the Vulnerable Software and Affected Versions** Modicon M221 (all references, all versions) Modicon M100 (affected versions not specified) Modicon M200 (affected versions not specified) **Description** A vulnerability exists due to a small space of random values, which could allow an attacker to break encryption keys by capturing traffic between EcoStruxure Machine - Basic software and the Modicon controller. This can be exploited using a brute force attack, potentially allowing a remote attacker to bypass existing security restrictions. **Recommendations** For Modicon M221, consider restricting access to the controller until a patch is available. For Modicon M100 and Modicon M200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modicon M221 (all references, all versions) Modicon M100 (affected versions not specified) Modicon M200 (affected versions not specified) **Description** A Missing Encryption of Sensitive Data issue exists that could allow an attacker to find the password hash when they have captured the traffic between EcoStruxure Machine - Basic software and the Modicon controller and broke the encryption keys. This could be exploited by a remote attacker to obtain the encryption key. **Recommendations** For Modicon M221, consider implementing additional encryption measures to protect sensitive data until a patch is available. For Modicon M100 and Modicon M200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.