PT-2020-6369 · Schneider Electric · Ecostruxure Machine - Basic+3
Published
2020-11-10
·
Updated
2022-02-04
·
CVE-2020-7568
CVSS v3.1
3.1
Low
| Vector | AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Modicon M221 versions all
Modicon M100 (affected versions not specified)
Modicon M200 (affected versions not specified)
Description
The issue is related to the exposure of sensitive information. It could allow a remote attacker to gain unauthorized access to protected information. The vulnerability exists in the traffic between EcoStruxure Machine - Basic software and the Modicon M221 controller, potentially leading to non-sensitive information disclosure when an attacker captures this traffic.
Recommendations
For Modicon M221 versions all, consider restricting access to the traffic between EcoStruxure Machine - Basic software and the Modicon M221 controller to minimize the risk of exploitation.
For Modicon M100 and Modicon M200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Machine - Basic
Modicon M100
Modicon M200
Modicon M221