{"api_version":"1","generated_at":"2026-04-23T08:38:27+00:00","cve":"CVE-2020-7567","urls":{"html":"https://cve.report/CVE-2020-7567","api":"https://cve.report/api/cve/CVE-2020-7567.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7567","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7567"},"summary":{"title":"CVE-2020-7567","description":"A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2020-11-19 22:15:00","updated_at":"2022-02-04 15:50:00"},"problem_types":["CWE-311"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","refsource":"MISC","tags":[],"title":"Schneider Electric Modicon M221 Programmable Logic Controller | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Notification - Modicon M221 Programmable Logic Controller | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7567","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7567","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"7567","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7567","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7567","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7567","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7567","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"se","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7567","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"se","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-7567","qid":"590471","title":"Schneider Electric Modicon M221 Programmable Logic Controller Multiple Vulnerabilities (ICSA-20-343-04)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-7567","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Modicon M221, all references, all versions","version":{"version_data":[{"version_value":"Modicon M221, all references, all versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-311: Missing Encryption of Sensitive Data "}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"},{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"}]},"description":{"description_data":[{"lang":"eng","value":"A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys."}]}},"nvd":{"publishedDate":"2020-11-19 22:15:00","lastModifiedDate":"2022-02-04 15:50:00","problem_types":["CWE-311"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.1,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.9},"severity":"LOW","exploitabilityScore":5.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7567","Ordinal":"167846","Title":"CVE-2020-7567","CVE":"CVE-2020-7567","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7567","Ordinal":"1","NoteData":"A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7567","Ordinal":"2","NoteData":"2020-11-19","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7567","Ordinal":"3","NoteData":"2020-12-11","Type":"Other","Title":"Modified"}]}}}