CyberSec.Space Logo
Back to CVE Browser

CVE-2020-7475

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile35.50th
PublishedMar 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

Affected Platforms (CPE)

📦
Schneider Electric

Ecostruxure Control Expert

<= 14.0
📦
Schneider Electric

Unity Pro

All versions
💻
Schneider Electric

Modicon M340 Firmware

< 3.20
💻
Schneider Electric

Modicon M580 Firmware

< 3.10

References & Advisories

🔗 http://www.se.com/ww/en/download/document/SEVD-2020-080-01
🔗 http://www.se.com/ww/en/download/document/SEVD-2020-080-01

Related Vulnerabilities

CVE-2020-74899.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists ...

CVE-2021-227799.1

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including a...

CVE-2020-75608.6

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former nam...

CVE-2021-227977.8

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause mali...