CVE-2020-7475
CVE-2020-7475 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | EcoStruxure Control Expert | <= 14.0 |
| Schneider-Electric | Unity Pro | All versions |
| Schneider-Electric | Modicon M340 Firmware | < 3.20 |
| Schneider-Electric | Modicon M580 Firmware | < 3.10 |
References
- http://www.se.com/ww/en/download/document/SEVD-2020-080-01 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
