What is CVE-2020-28214?

CVE-2020-28214 is a medium-severity vulnerability in Schneider-electric Modicon_m221, classified under CWE-760. CVSS score: 5.5/10. Published 2020-12-11.

How severe is CVE-2020-28214?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2020-28214 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Schneider-electric Modicon_m221

CVE-2020-28214

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tabl…

EPSS: 0.001 (26.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Schneider-electric Modicon_m221
Schneider-electric Modicon_m221_firmware
N/a Modicon M221 (All References, All Versions) — versions Modicon M221 (all references, all versions)

Weakness classification (CWE)

CWE-760

Public proof-of-concept exploits

References

cybersecurity@se.com (x_refsource_CONFIRM, Vendor Advisory)
cybersecurity@se.com (US Government Resource, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2020-28214?: CVE-2020-28214 is a medium-severity vulnerability in Schneider-electric Modicon_m221, classified under CWE-760. CVSS score: 5.5/10. Published 2020-12-11.
How severe is CVE-2020-28214?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2020-28214 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.