Vulnerabilities > CVE-2020-28214 - Use of a One-Way Hash with a Predictable Salt vulnerability in Schneider-Electric Modicon M221 Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

schneider-electric

CWE-760

NVD

Published: 2020-12-11

Updated: 2022-02-03

Summary

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M221 Firmware *	1
Hardware	Schneider-Electric Schneider Electric Modicon M221 -	1

Common Weakness Enumeration (CWE)

CWE-760 - Use of a One-Way Hash with a Predictable Salt

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-05/
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04