CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-7475

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile35.50th
Published2020年3月23日
Last Modified2024年11月21日

Vulnerability Description

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

Affected Platforms (CPE)

📦
Schneider Electric

Ecostruxure Control Expert

<= 14.0
📦
Schneider Electric

Unity Pro

All versions
💻
Schneider Electric

Modicon M340 Firmware

< 3.20
💻
Schneider Electric

Modicon M580 Firmware

< 3.10

References & Advisories

🔗 http://www.se.com/ww/en/download/document/SEVD-2020-080-01
🔗 http://www.se.com/ww/en/download/document/SEVD-2020-080-01

相关漏洞威胁

CVE-2020-74899.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists ...

CVE-2021-227799.1

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including a...

CVE-2020-75608.6

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former nam...

CVE-2021-227977.8

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause mali...