CRITICAL🇵🇱 Wersja polska

CVE-2017-7574

CVSS 9.8v3.1pub. 2017-04-06upd. 2026-05-29

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Modicon Tm221ce16r

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Tm221ce16r Firmware

    OS
    Schneider-Electric
    1.3.3.3
  • Schneider Electric Somachine

    APP
    Schneider-Electric
    1.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-7487CRITICAL9.8ten sam produkt

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker ...

CVE-2017-7575CRITICAL9.8ten sam produkt

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-prote...

CVE-2020-7488HIGH7.5ten sam produkt

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive inf...

CVE-2017-7966HIGH8.8ten sam produkt

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows...

CVE-2014-9200HIGH7.5ten sam produkt

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pr...