CVE-2017-7575 — Sensitive Information Exposure in Modicon Tm221ce16r Firmware

CWE-200 — Sensitive Information Exposure3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.4%
top 12.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Modicon Tm221ce16r Firmware
Timeline
PublishedApr 6
Latest updateMay 17

Description

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8m3c-jvc6-q3hr: Schneider Electric Modicon TM221CE16R 1↗2022-05-17
â–¶
CVEList
CVE-2017-7575: Schneider Electric Modicon TM221CE16R 1↗2017-04-06
â–¶
CVE-2017-7575 — Sensitive Information Exposure | cvebase