How severe is CVE-2020-7487?

CVE-2020-7487 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2020-7487

9.8CRITICAL

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

Published: 4/22/2020Updated: 11/21/2024

Description

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

AI AnalysisPowered by AI

Affected Products

schneider-electricecostruxure_machine_expert

schneider-electricsomachine

schneider-electricsomachine_motion

schneider-electricmodicon_m218_firmware

schneider-electricmodicon_m218

schneider-electricmodicon_m241_firmware

schneider-electricmodicon_m241

schneider-electricmodicon_m251_firmware

schneider-electricmodicon_m251

schneider-electricmodicon_m258_firmware

schneider-electricmodicon_m258

References

https://www.se.com/ww/en/download/document/SEVD-2020-105-02
Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-105-02
Vendor Advisory