VDB
SEVD-2020-315-05
SEVD-2020-315-05
PUBLISHED
CVSS 7.099999904632568 HIGH
Schneider Electric is aware of multiple vulnerabilities in its Modicon M100, M200, and M221 products. The Modicon M100/M200/M221 are Nano Programmable Logic Controllers (PLC) made to control basic automation for machines. The M100/M200/M221 are configured using Machine Expert - Basic software. Failure to apply the mitigations provided below may allow unauthorized users to replay authentication sequences, which could result in an attacker taking control over the PLC. January 2021 update: Added Modicon M100 and M200 to the list of affected products.
Risk Scores
CVSS v3.1
7.099999904632568
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric Modicon M200 all references all versions | ||
| Schneider Electric Modicon M100 all references all versions | ||
| Schneider Electric Modicon M221 all references all versions |
Timeline
- Nov 10, 2020 CVE Published
- Jan 12, 2021 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2020-315-05.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2020-315-05.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url