CVE-2017-7575

Published: Apr 6, 2017Modified: May 29, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.

Affected (1)

Products: Schneider Electric: Modicon Tm221ce16r Firmware

Schneider Electric

1 product

Modicon Tm221ce16r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon Tm221ce16r Firmware	Version 1.3.3.3

Running on/with	Platform Versions
Schneider Electric Modicon Tm221ce16r	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02

Source: cve@mitre.org

http://www.securityfocus.com/bid/97523

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://os-s.net/advisories/OSS-2017-01.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/97523

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://os-s.net/advisories/OSS-2017-01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.