CVE-2020-7487

🗓️ 22 Apr 2020 18:50:25Reported by schneiderType

Insufficient Data Authenticity Verification on Modicon Controller

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of microprogrammed software for Modicon M218, M218, M241, M251, and M258 logic controllers lies in insufficient data authenticity checking, allowing attackers to execute arbitrary codes.	26 Aug 202100:00	–	bdu_fstec
CNVD	Multiple Schneider Electric Products Data Forgery Issue Vulnerabilities	23 Apr 202000:00	–	cnvd
CVE	CVE-2020-7487	22 Apr 202018:50	–	cve
EUVD	EUVD-2020-28612	7 Oct 202500:30	–	euvd
NVD	CVE-2020-7487	22 Apr 202019:15	–	nvd
Tenable Nessus	Se Ecostruxure Insufficient Verification of Data Authenticity	10 Aug 202100:00	–	nessus
Tenable Nessus	Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2020-7487)	1 Mar 202300:00	–	nessus
Prion	Design/Logic Flaw	22 Apr 202019:15	–	prion
RedhatCVE	CVE-2020-7487	9 Jan 202609:59	–	redhatcve

[
  {
    "product": "EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)"
      }
    ]
  }
]

Source	Link
se	www.se.com/ww/en/download/document/SEVD-2020-105-02

22 Apr 2020 18:50Current

9.6High risk

Vulners AI Score9.6

EPSS0.00219

CWE-345