CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28214

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.6%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

Products affected by CVE-2020-28214

Schneider-Electric » Modicon M221 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m221:-
Schneider-Electric » Modicon M221 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m221_firmware:-
Schneider-Electric » Modicon M221 Firmware » Version: 1.1.1.5

cpe:2.3:o:schneider-electric:modicon_m221_firmware:1.1.1.5
Schneider-Electric » Modicon M221 Firmware » Version: 1.10.0.0

cpe:2.3:o:schneider-electric:modicon_m221_firmware:1.10.0.0
Schneider-Electric » Modicon M221 Firmware » Version: 1.6.2.0

cpe:2.3:o:schneider-electric:modicon_m221_firmware:1.6.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28214

Products

Pricing

Contact Us