CVE-2020-7566
7.3 HIGHA CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker...
Published: 2020-11-19 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- CWE
- CWE-334
Affected products
| Vendor | Product |
|---|---|
| schneider-electric | modicon_m221_firmware |
Description
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-7566
- [Other]https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04
- [Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2020-315-05/
- [Other]https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04
- [Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2020-315-05/
Related CVEs
Same vendor
- CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
- CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
- CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
- CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
- CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)