CVE-2020-7566

Name of the Vulnerable Software and Affected Versions Modicon M221 (all references, all versions) Modicon M100 (affected versions not specified) Modicon M200 (affected versions not specified)

Description A vulnerability exists due to a small space of random values, which could allow an attacker to break encryption keys by capturing traffic between EcoStruxure Machine - Basic software and the Modicon controller. This can be exploited using a brute force attack, potentially allowing a remote attacker to bypass existing security restrictions.

Recommendations For Modicon M221, consider restricting access to the controller until a patch is available. For Modicon M100 and Modicon M200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.