CVE-2020-7565

Name of the Vulnerable Software and Affected Versions Modicon M221 (all versions) Modicon M100 (affected versions not specified) Modicon M200 (affected versions not specified)

Description A CWE-326: Inadequate Encryption Strength issue exists that could allow an attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and the Modicon controller. This could permit a remote attacker to obtain the encryption key.

Recommendations For Modicon M221, consider disabling the encryption functionality until a patch is available. For Modicon M100 and Modicon M200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.