{"api_version":"1","generated_at":"2026-04-23T08:38:24+00:00","cve":"CVE-2020-7568","urls":{"html":"https://cve.report/CVE-2020-7568","api":"https://cve.report/api/cve/CVE-2020-7568.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7568","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7568"},"summary":{"title":"CVE-2020-7568","description":"A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2020-11-19 22:15:00","updated_at":"2022-02-04 16:09:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","refsource":"MISC","tags":[],"title":"Schneider Electric Modicon M221 Programmable Logic Controller | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Notification - Modicon M221 Programmable Logic Controller | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7568","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7568","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"7568","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7568","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7568","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7568","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7568","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"se","cpe5":"modicon_m221","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7568","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"se","cpe5":"modicon_m221_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-7568","qid":"590471","title":"Schneider Electric Modicon M221 Programmable Logic Controller Multiple Vulnerabilities (ICSA-20-343-04)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-7568","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Modicon M221, all references, all versions","version":{"version_data":[{"version_value":"Modicon M221, all references, all versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor "}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"},{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"}]},"description":{"description_data":[{"lang":"eng","value":"A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller."}]}},"nvd":{"publishedDate":"2020-11-19 22:15:00","lastModifiedDate":"2022-02-04 16:09:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3},"severity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7568","Ordinal":"167847","Title":"CVE-2020-7568","CVE":"CVE-2020-7568","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7568","Ordinal":"1","NoteData":"A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7568","Ordinal":"2","NoteData":"2020-11-19","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7568","Ordinal":"3","NoteData":"2020-12-11","Type":"Other","Title":"Modified"}]}}}