CVE-2020-28214 — Vulnetix

CVE-2020-28214 PUBLISHED CVSS 5.5 MEDIUM

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

EPSS 0.09% · 26.0th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.09%

26.0th percentile

Affected Products

Vendor	Product	Versions
schneider-electric	modicon_m221_firmware
n/a	Modicon M221 (all references, all versions)	*

Timeline

Dec 8, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 20, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Oct 25, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-05/ url
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04 url
https://nvd.nist.gov/vuln/detail/CVE-2020-28214 advisory
https://www.se.com/ww/en/download/document/SEVD-2020-315-05 url

Open in Interactive Console →