CyberSec.Space Logo
Back to CVE Browser

CVE-2020-28212

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile18.81th
PublishedNov 19, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

Affected Platforms (CPE)

📦
Schneider Electric

Ecostruxure Control Expert

All versions

References & Advisories

🔗 https://www.se.com/ww/en/download/document/SEVD-2020-315-07
🔗 https://www.se.com/ww/en/download/document/SEVD-2020-315-07

Related Vulnerabilities

CVE-2020-74759.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vuln...

CVE-2020-74899.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists ...

CVE-2021-227799.1

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including a...

CVE-2020-75608.6

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former nam...