CVE-2020-28213

2020-11-1921:03:54

CWE-494

schneider

www.cve.org

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.7%

JSON

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

CNA Affected

[
  {
    "product": "PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2020-315-07