CVE-2020-7567
Description
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing encryption of sensitive data in Schneider Electric Modicon M221 PLC allows an attacker to recover password hash after breaking weak encryption keys.
Vulnerability
CVE-2020-7567 is a CWE-311 missing encryption of sensitive data vulnerability affecting all references and all versions of the Schneider Electric Modicon M221 programmable logic controller. The controller's password hash is transmitted without proper encryption over the network when using EcoStruxure Machine - Basic software for programming and configuration. This flaw is exploitable after an attacker first captures the encrypted traffic and breaks the weak encryption keys (related to CVE-2020-7565 and CVE-2020-7566) [1].
Exploitation
To exploit this vulnerability, an attacker must be on an adjacent network layer (AV:A) with the ability to capture network traffic between the EcoStruxure Machine - Basic software and the targeted Modicon M221 controller. The attacker then needs to break the weak encryption keys used in the protocol (leveraging the inadequate encryption strength CWE-326 and small random space CWE-334 issues). Once the keys are compromised, the attacker can extract the password hash from the previously captured traffic. The CVSS attack complexity is high (AC:H), and user interaction is required (UI:R) – likely meaning a legitimate user must be actively communicating with the PLC [1].
Impact
Successful exploitation results in the attacker obtaining the plaintext password hash of the controller. With the password hash, the attacker could attempt offline brute-force or pass-the-hash attacks, potentially gaining unauthorized access and full control over the PLC. This could lead to exposure of sensitive information, disruption of industrial processes, and compromise of the controller's integrity [1].
Mitigation
Schneider Electric has not released a specific patch for CVE-2020-7567 at the time of publication. The CISA advisory recommends users apply defense-in-depth measures, restrict network access to the PLC to trusted devices, use VPNs or firewalls to segment the control network, and monitor for suspicious traffic. No workaround eliminates the missing encryption of the password hash, but hardening network security reduces the likelihood of successful traffic capture and key-breaking attacks. The vulnerability is not listed on the CISA KEV [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Schneider Electric/Modicon M221description
- Range: all versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- us-cert.cisa.gov/ics/advisories/icsa-20-343-04mitrex_refsource_MISC
- www.se.com/ww/en/download/document/SEVD-2020-315-05/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.