#VU27382 Cleartext transmission of sensitive information in Schneider Electric products - CVE-2020-7488
Published: April 28, 2020
Vulnerability identifier: #VU27382
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7488
CWE-ID: CWE-319
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
EcoStruxure Machine Expert
SoMachine
SoMachine Motion
Modicon M218
Modicon M251
Modicon M258
Modicon M241
EcoStruxure Machine Expert
SoMachine
SoMachine Motion
Modicon M218
Modicon M251
Modicon M258
Modicon M241
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker on the local network with ability to intercept network traffic can gain access to sensitive data transmitted between the software and the Modicon controllers.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.