CVE-2021-22731

Name of the Vulnerable Software and Affected Versions Modicon Managed Switch MCSESM* and MCSESP* versions V8.21 and prior

Description A Weak Password Recovery Mechanism for Forgotten Password issue exists, allowing an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

Recommendations For Modicon Managed Switch MCSESM* and MCSESP* versions V8.21 and prior, consider disabling the password recovery mechanism until a patch is available. Restrict access to the HTTP / HTTPS interfaces to minimize the risk of exploitation. Avoid using basic user information in the password recovery process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.