Vulnerability in Schneider-electric Ecostruxure_control_expert
CVE-2020-7475
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions)…
EPSS: 0.015 (71.8th percentile).
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Schneider-electric Ecostruxure_control_expert
- Schneider-electric Modicon_m340
- Schneider-electric Modicon_m340_firmware
- Schneider-electric Modicon_m580
- Schneider-electric Modicon_m580_firmware
- Schneider-electric Unity_pro
- Affected versions (vendor listed as n/a): EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)
Weakness classification (CWE)
References
- cybersecurity@se.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-7475?
- CVE-2020-7475 is a critical-severity vulnerability in Schneider-electric Ecostruxure_control_expert, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.8/10. Published 2020-03-23.
- How severe is CVE-2020-7475?
- Critical severity. CVSS v3 base score is 9.8 out of 10.