cnvd - cnvd-2024-38820

cnvd-2024-38820

Vulnerability from cnvd

Title: 施耐德电气（中国）有限公司Modicon TM221存在信息泄露漏洞

Description:

Modicon TM221是施耐德电气（中国）有限公司的一种可编程控制器，用于单一设备控制架构。

施耐德电气（中国）有限公司Modicon TM221存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: 施耐德电气（中国）有限公司Modicon TM221存在信息泄露漏洞的补丁

Patch Description:

Modicon TM221是施耐德电气（中国）有限公司的一种可编程控制器，用于单一设备控制架构。

施耐德电气（中国）有限公司Modicon TM221存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已提供漏洞修补方案，请关注厂商主页及时更新： https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-05&p_enDocType=EDMS

Impacted products

Name
施耐德电气（中国）有限公司 Modicon TM221 V1.13.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7565"
    }
  },
  "description": "Modicon TM221\u662f\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8\u7684\u4e00\u79cd\u53ef\u7f16\u7a0b\u63a7\u5236\u5668\uff0c\u7528\u4e8e\u5355\u4e00\u8bbe\u5907\u63a7\u5236\u67b6\u6784\u3002\n\n\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8Modicon TM221\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "\u53d1\u73b0\u8005\uff1a\u5510\u542f\u52cb\u3001\u595a\u9526\u6587\u3001\u5f90\u606a\u3001\u5218\u654f\uff1b\u53d1\u73b0\u5355\u4f4d\uff1a\u4e2d\u79d1\u9662\u8ba1\u7b97\u6240\u3001\u5317\u4eac\u4e2d\u5173\u6751\u5b9e\u9a8c\u5ba4\u3001\u6e05\u534e\u5927\u5b66",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-05\u0026p_enDocType=EDMS",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38820",
  "openTime": "2024-10-07",
  "patchDescription": "Modicon TM221\u662f\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8\u7684\u4e00\u79cd\u53ef\u7f16\u7a0b\u63a7\u5236\u5668\uff0c\u7528\u4e8e\u5355\u4e00\u8bbe\u5907\u63a7\u5236\u67b6\u6784\u3002\r\n\r\n\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8Modicon TM221\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8Modicon TM221\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8 Modicon TM221 V1.13.1.0"
  },
  "serverity": "\u4e2d",
  "submitTime": "2024-08-23",
  "title": "\u65bd\u8010\u5fb7\u7535\u6c14\uff08\u4e2d\u56fd\uff09\u6709\u9650\u516c\u53f8Modicon TM221\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-7565 (GCVE-0-2020-7565)

Vulnerability from cvelistv5

Published

2020-11-19 21:10

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-326 - Inadequate Encryption Strength

Summary

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

References

▼	URL	Tags
	https://www.se.com/ww/en/download/document/SEVD-2020-315-05/	x_refsource_MISC
	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Modicon M221, all references, all versions	Version: Modicon M221, all references, all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.843Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M221, all references, all versions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M221, all references, all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T20:30:55",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M221, all references, all versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M221, all references, all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-326: Inadequate Encryption Strength"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7565",
    "datePublished": "2020-11-19T21:10:09",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted