CVE-2020-7567

MISSING ENCRYPTION OF SENSITIVE DATA CWE-311
A missing encryption of sensitive data vulnerability exists that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and has broken the encryption keys.

Read more: Update to Recent Schneider Electric M221 PLC Vulnerabilities

Risk Information

  • CVE ID
  • CVE-2020-7567
  • Vendor
  • Schneider Electric
  • Product
  • Modicon M221
  • CVSS v3
  • 7.1