CVE-2017-7575
9.8 CRITICAL
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x...
Published: 2017-04-06 · Last updated: 2026-05-29
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-200
Affected products
| Vendor | Product |
|---|---|
| schneider-electric | modicon_tm221ce16r_firmware |
Description
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-7575)
- [Other](http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02)
- [Other](http://www.securityfocus.com/bid/97523)
- [Exploit reference](https://os-s.net/advisories/OSS-2017-01.pdf)