CVE-2020-28214

MEDIUM5.5

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide

Published Dec 11, 2020

Modified 1 years ago

Details

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

References

WEB

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2020-28214

WEB

https://www.se.com/ww/en/download/document/SEVD-2020-315-05/

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector