QSearchQSearch

CVE-2020-28214

5.5 MEDIUM

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could ...

Published: 2020-12-11 · Last updated: 2026-05-28

Severity and scoring

CVSS
5.5 MEDIUM
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-760

Affected products

VendorProduct
schneider-electricmodicon_m221_firmware

Description

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-6332 CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
  • CVE-2022-0715 A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
  • CVE-2021-22788 A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
  • CVE-2021-22787 A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
  • CVE-2021-22785 A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)

Same CWE

  • CVE-2026-46749 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (7.5 HIGH)
  • CVE-2026-9370 A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4 (3.7 LOW)