RCE in Schneider-electric Unity_pro
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directl…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.002 (37.1th percentile).
CVSS v3 metric
CVSS v3 base score 7.0 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Schneider-electric Unity_pro
- Schneider Electric Unity PRO Control (vendor field: n/a), versions prior to V11.1
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
- ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-8354?
  CVE-2016-8354 is a high-severity vulnerability in Schneider-electric Unity_pro, classified under Code Injection. CVSS score: 7.0/10. Published 2017-02-13.
- How severe is CVE-2016-8354?
  High severity. CVSS v3 base score is 7.0 out of 10.