VYPR
Unrated severity · NVD Advisory · Published Dec 11, 2020 · Updated Aug 4, 2024

CVE-2020-28214

Description

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions) that could allow an attacker to pre-compute the hash value using a dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Modicon M221 uses a one-way hash with a predictable salt, enabling attackers to pre-compute hash values using dictionary attacks like rainbow tables.

Vulnerability

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in all references and versions of the Schneider Electric Modicon M221 Programmable Logic Controller [1]. The product uses a predictable salt when computing password hashes, which does not provide the protection that an unpredictable salt would [1].
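
The Python sketch below is an added example, not code from Schneider Electric or the advisory; it stores the same passwords once with a shared, predictable salt and once with a per-record random salt, then measures how many records a single table built in advance resolves. The PBKDF2 parameters, the constant salt, the word list and all function names are constructed stand-ins, since the page does not specify the M221's hash algorithm.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed stand-ins: the advisory does not give the M221's hash or salt.
FIXED_SALT = b"device-constant"   # predictable: identical for every record
ITERATIONS = 10_000               # kept low so the demo runs quickly
WORDLIST = ["admin", "password", "plc123", "letmein"]  # constructed sample

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def store_weak(password: str):
    """CWE-760 pattern: every record shares one known salt."""
    return FIXED_SALT, derive(password, FIXED_SALT)

def store_hardened(password: str):
    """Fresh 128-bit salt from the OS CSPRNG for each record."""
    salt = secrets.token_bytes(16)
    return salt, derive(password, salt)

def verify(password: str, record) -> bool:
    salt, digest = record
    return hmac.compare_digest(derive(password, salt), digest)

def build_table(salt: bytes) -> dict:
    """One table computed ahead of time for a salt known in advance."""
    return {derive(word, salt): word for word in WORDLIST}

def precomputed_hits(records, table) -> int:
    """How many stored digests the single precomputed table resolves."""
    return sum(1 for _, digest in records if digest in table)

def reused_salts(records) -> set:
    """Audit check: salts that appear on more than one stored record."""
    counts = Counter(salt for salt, _ in records)
    return {salt for salt, n in counts.items() if n > 1}

if __name__ == "__main__":
    pwds = ["admin", "plc123", "Unique-9f!"]  # constructed sample passwords
    table = build_table(FIXED_SALT)
    for name, store in (("weak", store_weak), ("hardened", store_hardened)):
        recs = [store(p) for p in pwds]
        print(name, precomputed_hits(recs, table), reused_salts(recs))
```

The `reused_salts` check is the part to carry into a review of any credential store: a non-empty result means the salt is not doing its job, whatever hash function sits behind it.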

Exploitation

An attacker with access to the network traffic between the EcoStruxure Machine - Basic software and the Modicon M221 controller can capture password hashes [1]. By pre-computing hash values using dictionary attack techniques such as rainbow tables, the attacker can effectively bypass the protection intended by the salt [1]. The attack requires adjacent network access and user interaction, but no privileges [1].

Impact

Successful exploitation could allow an attacker to gain unauthorized access to the PLC and take control over the controller, leading to exposure of sensitive information and potential compromise of the control system [1]. The CVSS v3 base score is 7.1, with impacts on confidentiality, integrity, and availability all rated high [1].

Mitigation

Schneider Electric recommends that customers update EcoStruxure Machine - Basic software to the latest version as soon as possible [1]. For Modicon M221 firmware, contact Schneider Electric support for remediation guidance [1]. Until patched, users should restrict physical access and network access to the controller [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
