Schneider-Electric Modicon Tm221Ce16R Firmware vulnerabilities
2 known vulnerabilities affecting schneider-electric/modicon_tm221ce16r_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2017-7574CRITICALCVSS 9.8v1.3.3.32017-04-06
CVE-2017-7574 [CRITICAL] CWE-798 CVE-2017-7574: Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for e
nvd
CVE-2017-7575CRITICALCVSS 9.8v1.3.3.32017-04-06
CVE-2017-7575 [CRITICAL] CWE-200 CVE-2017-7575: Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the applica
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.
nvd