Vulnerability Details CVE-2017-7575
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02
- http://www.securityfocus.com/bid/97523
- https://os-s.net/advisories/OSS-2017-01.pdf
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02
- http://www.securityfocus.com/bid/97523
- https://os-s.net/advisories/OSS-2017-01.pdf
Products affected by CVE-2017-7575
-
cpe:2.3:h:schneider-electric:modicon_tm221ce16r:-
-
cpe:2.3:o:schneider-electric:modicon_tm221ce16r_firmware:1.3.3.3