Details of VAR-202011-1276

ID

VAR-202011-1276

CVE

CVE-2020-7565

TITLE

Modicon M221 Vulnerability in cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2020-013656

DESCRIPTION

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Modicon TM221 is a programmable controller of Schneider Electric (China) Co., Ltd., used for single device control architecture. Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2020-7565 // JVNDB: JVNDB-2020-013656 // CNVD: CNVD-2024-38820 // VULMON: CVE-2020-7565

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-38820

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	-	Trust: 1.8
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	modicon m221 firmware	Trust: 0.8
vendor:	schneider electric	model:	modicon tm221	scope:	eq	version:	v1.13.1.0	Trust: 0.6

sources: CNVD: CNVD-2024-38820 // JVNDB: JVNDB-2020-013656 // NVD: CVE-2020-7565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7565
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-7565
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-38820
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202011-1670
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-7565
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7565
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2024-38820
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7565
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7565
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-38820 // VULMON: CVE-2020-7565 // JVNDB: JVNDB-2020-013656 // CNNVD: CNNVD-202011-1670 // NVD: CVE-2020-7565

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.0
problemtype:	Inadequate encryption strength (CWE-326) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013656 // NVD: CVE-2020-7565

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1670

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202011-1670

PATCH

title:	SEVD-2020-315-05	url:	https://www.se.com/ww/en/download/document/SEVD-2020-315-05/	Trust: 0.8
title:	Patch for Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/593141	Trust: 0.6
title:	Schneider Electric Modicon M221 Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135518	Trust: 0.6
title:	CVE-2020-7565	url:	https://github.com/AlAIAL90/CVE-2020-7565	Trust: 0.1

sources: CNVD: CNVD-2024-38820 // VULMON: CVE-2020-7565 // JVNDB: JVNDB-2020-013656 // CNNVD: CNNVD-202011-1670

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7565	Trust: 3.1
db:	ICS CERT	id:	ICSA-20-343-04	Trust: 2.5
db:	SCHNEIDER	id:	SEVD-2020-315-05	Trust: 1.7
db:	JVN	id:	JVNVU91936841	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013656	Trust: 0.8
db:	CNVD	id:	CNVD-2024-38820	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1670	Trust: 0.6
db:	VULMON	id:	CVE-2020-7565	Trust: 0.1

sources: CNVD: CNVD-2024-38820 // VULMON: CVE-2020-7565 // JVNDB: JVNDB-2020-013656 // CNNVD: CNNVD-202011-1670 // NVD: CVE-2020-7565

REFERENCES

url:	https://www.se.com/ww/en/download/document/sevd-2020-315-05/	Trust: 1.7
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7565	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91936841/	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04¥	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/326.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2020-7565	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-7565 // JVNDB: JVNDB-2020-013656 // CNNVD: CNNVD-202011-1670 // NVD: CVE-2020-7565

SOURCES

db:	CNVD	id:	CNVD-2024-38820
db:	VULMON	id:	CVE-2020-7565
db:	JVNDB	id:	JVNDB-2020-013656
db:	CNNVD	id:	CNNVD-202011-1670
db:	NVD	id:	CVE-2020-7565

LAST UPDATE DATE

2024-11-23T21:58:53.449000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-38820	date:	2024-09-23T00:00:00
db:	VULMON	id:	CVE-2020-7565	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-013656	date:	2021-07-09T06:22:00
db:	CNNVD	id:	CNNVD-202011-1670	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7565	date:	2024-11-21T05:37:23.323

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-38820	date:	2024-10-07T00:00:00
db:	VULMON	id:	CVE-2020-7565	date:	2020-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-013656	date:	2021-07-09T00:00:00
db:	CNNVD	id:	CNNVD-202011-1670	date:	2020-11-19T00:00:00
db:	NVD	id:	CVE-2020-7565	date:	2020-11-19T22:15:14.943