Small Space of Random Values

CVE-2020-7566

High

7.3/10

Summary

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-334 - Small Space of Random Values

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Nov 19, 2020

Small Space of Random Values

CVE-2020-7566

Summary

CWE-334 - Small Space of Random Values

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS