Cleartext transmission of sensitive information in Schneider Electric products - CVE-2020-7488
Published: April 28, 2020
Vulnerability identifier: #VU27382
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7488
CWE-ID: CWE-319
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
EcoStruxure Machine Expert
SoMachine
SoMachine Motion
Modicon M218
Modicon M251
Modicon M258
Modicon M241
EcoStruxure Machine Expert
SoMachine
SoMachine Motion
Modicon M218
Modicon M251
Modicon M258
Modicon M241
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker on the local network with ability to intercept network traffic can gain access to sensitive data transmitted between the software and the Modicon controllers.
How to mitigate CVE-2020-7488
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.