cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-28214,https://securityvulnerability.io/vulnerability/CVE-2020-28214,Predictable Salt Vulnerability in Modicon M221 Product by Schneider Electric,"A vulnerability has been identified in the Modicon M221 product by Schneider Electric, stemming from the use of a predictable salt in its one-way hash implementation. This weakness facilitates attackers in pre-computing hash values through dictionary attack methods, such as rainbow tables. As a result, the effectiveness of the hash’s unpredictability is compromised, making the system susceptible to unauthorized access and data breaches.",Schneider Electric,"Modicon M221 (all References, All Versions)",5.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2020-12-11T00:51:01.000Z,0
CVE-2020-7568,https://securityvulnerability.io/vulnerability/CVE-2020-7568,Sensitive Information Exposure in Modicon M221 by Schneider Electric,"An exposure of sensitive information vulnerability exists in Modicon M221, allowing attackers to gain access to non-sensitive information by capturing the communication traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller. This vulnerability could facilitate unauthorized actors in acquiring information that is not typically meant for public access, potentially leading to further security breaches or targeted attacks.",Schneider Electric,"Modicon M221, All References, All Versions",4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-11-19T21:10:33.000Z,0
CVE-2020-7567,https://securityvulnerability.io/vulnerability/CVE-2020-7567,Missing Encryption in Modicon M221 by Schneider Electric,"A vulnerability exists in the Modicon M221 controllers manufactured by Schneider Electric that stems from missing encryption for sensitive data. By capturing network traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller, an attacker could potentially retrieve the password hash. This situation underscores the importance of proper encryption practices to safeguard sensitive information and prevent unauthorized access.",Schneider Electric,"Modicon M221, All References, All Versions",5.7,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-19T21:10:27.000Z,0
CVE-2020-7566,https://securityvulnerability.io/vulnerability/CVE-2020-7566,Encryption Key Exposure in Modicon M221 Controllers by Schneider Electric,"A vulnerability in Modicon M221 controllers by Schneider Electric allows attackers to potentially compromise encryption keys when traffic is intercepted between EcoStruxure Machine - Basic software and the controller. This flaw arises from a limited randomness space, which could lead to predictable cryptographic values, exposing sensitive communication channels and potentially enabling unauthorized access to the system.",Schneider Electric,"Modicon M221, All References, All Versions",7.3,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2020-11-19T21:10:22.000Z,0
CVE-2020-7565,https://securityvulnerability.io/vulnerability/CVE-2020-7565,Inadequate Encryption in Modicon M221 by Schneider Electric,"A vulnerability exists in the Modicon M221 by Schneider Electric, where inadequate encryption strength may allow an attacker to decrypt sensitive data. This occurs when the attacker successfully captures traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller, potentially compromising the integrity of communications and exposing critical operational data.",Schneider Electric,"Modicon M221, All References, All Versions",7.3,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2020-11-19T21:10:09.000Z,0
CVE-2018-7823,https://securityvulnerability.io/vulnerability/CVE-2018-7823,Remote Launch Vulnerability in SoMachine Basic and Modicon M221 by Schneider Electric,"An Environment vulnerability identified in SoMachine Basic allows attackers to remotely launch the application by sending specially crafted Ethernet messages. This affects all versions of SoMachine Basic, as well as Modicon M221 devices with firmware versions prior to V1.10.0.0, potentially exposing critical systems to exploitation.",Schneider Electric,"Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-05-22T19:37:45.000Z,0
CVE-2018-7822,https://securityvulnerability.io/vulnerability/CVE-2018-7822,Incorrect Default Permissions Vulnerability in SoMachine Basic by Schneider Electric,"An incorrect default permissions vulnerability exists in SoMachine Basic and Modicon M221, allowing unauthorized access to sensitive resource files on systems utilizing SoMachine Basic. This issue may expose crucial configuration and operational data, creating potential security risks for users who do not update their systems or apply the appropriate security measures.",Schneider Electric,"Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2019-05-22T19:37:16.000Z,0
CVE-2018-7821,https://securityvulnerability.io/vulnerability/CVE-2018-7821,Environment Vulnerability in SoMachine Basic and Modicon M221 by Schneider Electric,"An environment vulnerability exists in SoMachine Basic and Modicon M221, which can lead to significant cycle time degradation. When the Ethernet/IP adapter is activated, excessive flooding of the M221's Ethernet interface can disrupt normal operations, potentially impacting system performance and efficiency. Users should ensure firmware is updated to version V1.10.0.0 or higher to mitigate this issue.",Schneider Electric,"Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-05-22T19:36:47.000Z,0
CVE-2018-7790,https://securityvulnerability.io/vulnerability/CVE-2018-7790,,"An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.",Schneider Electric,"Modicon M221, All References, All Versions Prior To Firmware V1.6.2.0",9.8,CRITICAL,0.0022700000554323196,false,,false,false,false,,,false,false,,2018-08-29T21:29:00.000Z,0
CVE-2018-7792,https://securityvulnerability.io/vulnerability/CVE-2018-7792,,"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.",Schneider Electric,"Modicon M221, All References, All Versions Prior To Firmware V1.6.2.0",7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2018-08-29T21:29:00.000Z,0
CVE-2018-7791,https://securityvulnerability.io/vulnerability/CVE-2018-7791,,"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.",Schneider Electric,"Modicon M221, All References, All Versions Prior To Firmware V1.6.2.0",9.8,CRITICAL,0.0022899999748915434,false,,false,false,false,,,false,false,,2018-08-29T21:29:00.000Z,0
CVE-2018-7789,https://securityvulnerability.io/vulnerability/CVE-2018-7789,,"An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.",Schneider Electric,"Modicon M221, All References, All Versions Prior To Firmware V1.6.2.0",7.5,HIGH,0.002420000033453107,false,,false,false,false,,,false,false,,2018-08-29T20:29:00.000Z,0