How severe is CVE-2020-28213?

CVE-2020-28213 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-28213

Name: ecostruxure_control_expert
Author: schneider-electric

8.8HIGH

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution

发布于: 11/19/2020更新于: 11/21/2024

描述

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

AI分析AI驱动

受影响产品

schneider-electricecostruxure_control_expert

参考资料

https://www.se.com/ww/en/download/document/SEVD-2020-315-07
PatchVendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-315-07
PatchVendor Advisory