CRITICAL🇵🇱 Wersja polska

CVE-2020-7475

CVSS 9.8v3.1pub. 2020-03-23upd. 2024-11-21

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Ecostruxure Control Expert

    APP
    Schneider-Electric
    ≤ 14.0
  • Schneider Electric Modicon M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Firmware

    OS
    Schneider-Electric
    < 3.20
  • Schneider Electric Modicon M580

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Firmware

    OS
    Schneider-Electric
    < 3.10
  • Schneider Electric Unity Pro

    APP
    Schneider-Electric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-37300CRITICAL9.8ten sam produkt

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...

CVE-2022-26507CRITICAL9.8ten sam produkt

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...

CVE-2021-22779CRITICAL9.1ten sam produkt

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...

CVE-2020-28212CRITICAL9.8ten sam produkt

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...

CVE-2018-7847CRITICAL9.8ten sam produkt

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Mod...