Details of VAR-202004-1858

ID

VAR-202004-1858

CVE

CVE-2020-7488

TITLE

plural Modicon Vulnerability in plaintext transmission of critical information in controller

Trust: 0.8

sources: JVNDB: JVNDB-2020-004650

DESCRIPTION

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company. There are security vulnerabilities in many Schneider Electric products

Trust: 2.25

sources: NVD: CVE-2020-7488 // JVNDB: JVNDB-2020-004650 // CNVD: CNVD-2021-25704 // VULHUB: VHN-185613

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-25704

AFFECTED PRODUCTS

vendor:	schneider electric	model:	somachine	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	somachine motion	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure machine expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m251	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m258	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m218	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m241	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure machine expert	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m218	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m241	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m251	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m258	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	somachine	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	somachine motion	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m218	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m251	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m241	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m258	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-25704 // JVNDB: JVNDB-2020-004650 // NVD: CVE-2020-7488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7488
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-004650
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-25704
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1945
value:	HIGH
Trust: 0.6
VULHUB:	VHN-185613
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7488
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004650
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-25704
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-185613
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7488
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004650
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-25704 // VULHUB: VHN-185613 // JVNDB: JVNDB-2020-004650 // CNNVD: CNNVD-202004-1945 // NVD: CVE-2020-7488

PROBLEMTYPE DATA

problemtype:

CWE-319

Trust: 1.9

sources: VULHUB: VHN-185613 // JVNDB: JVNDB-2020-004650 // NVD: CVE-2020-7488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1945

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1945

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004650

PATCH

title:	SEVD-2020-105-02	url:	https://www.se.com/ww/en/download/document/SEVD-2020-105-02/	Trust: 0.8
title:	Patch for Unidentified vulnerabilities exist in many Schneider Electric products (CNVD-2021-25704)	url:	https://www.cnvd.org.cn/patchInfo/show/256501	Trust: 0.6
title:	Multiple Schneider Electric Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117009	Trust: 0.6

sources: CNVD: CNVD-2021-25704 // JVNDB: JVNDB-2020-004650 // CNNVD: CNNVD-202004-1945

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7488	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2020-105-02	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004650	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1945	Trust: 0.7
db:	CNVD	id:	CNVD-2021-25704	Trust: 0.6
db:	VULHUB	id:	VHN-185613	Trust: 0.1

sources: CNVD: CNVD-2021-25704 // VULHUB: VHN-185613 // JVNDB: JVNDB-2020-004650 // CNNVD: CNNVD-202004-1945 // NVD: CVE-2020-7488

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7488	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-105-02	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7488	Trust: 0.8

sources: CNVD: CNVD-2021-25704 // VULHUB: VHN-185613 // JVNDB: JVNDB-2020-004650 // CNNVD: CNNVD-202004-1945 // NVD: CVE-2020-7488

SOURCES

db:	CNVD	id:	CNVD-2021-25704
db:	VULHUB	id:	VHN-185613
db:	JVNDB	id:	JVNDB-2020-004650
db:	CNNVD	id:	CNNVD-202004-1945
db:	NVD	id:	CVE-2020-7488

LAST UPDATE DATE

2024-11-23T22:21:12.174000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-25704	date:	2021-04-08T00:00:00
db:	VULHUB	id:	VHN-185613	date:	2022-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-004650	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-1945	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7488	date:	2024-11-21T05:37:14.697

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-25704	date:	2021-04-08T00:00:00
db:	VULHUB	id:	VHN-185613	date:	2020-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-004650	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-1945	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2020-7488	date:	2020-04-22T19:15:11.717