{"api_version":"1","generated_at":"2026-04-23T08:39:30+00:00","cve":"CVE-2020-7566","urls":{"html":"https://cve.report/CVE-2020-7566","api":"https://cve.report/api/cve/CVE-2020-7566.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7566","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7566"},"summary":{"title":"CVE-2020-7566","description":"A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2020-11-19 22:15:00","updated_at":"2022-02-03 16:14:00"},"problem_types":["CWE-334"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","refsource":"MISC","tags":[],"title":"Schneider Electric Modicon M221 Programmable Logic Controller | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Notification - Modicon M221 Programmable Logic Controller | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7566","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7566","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"7566","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7566","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7566","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7566","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7566","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"se","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7566","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"se","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-7566","qid":"590471","title":"Schneider Electric Modicon M221 Programmable Logic Controller Multiple Vulnerabilities (ICSA-20-343-04)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-7566","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Modicon M221, all references, all versions","version":{"version_data":[{"version_value":"Modicon M221, all references, all versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-334: Small Space of Random ValuesÊ"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"},{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"}]},"description":{"description_data":[{"lang":"eng","value":"A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller."}]}},"nvd":{"publishedDate":"2020-11-19 22:15:00","lastModifiedDate":"2022-02-03 16:14:00","problem_types":["CWE-334"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.3,"baseSeverity":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:P/I:P/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":5.5,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7566","Ordinal":"167845","Title":"CVE-2020-7566","CVE":"CVE-2020-7566","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7566","Ordinal":"1","NoteData":"A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7566","Ordinal":"2","NoteData":"2020-11-19","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7566","Ordinal":"3","NoteData":"2020-12-11","Type":"Other","Title":"Modified"}]}}}