CVE-2020-7489

2020-04-2218:15:57

CWE-74

schneider

www.cve.org

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

CNA Affected

[
  {
    "product": "SoMachine Basic (all versions)EcoStruxure Machine Expert – Basic (all versions)Modicon M100 Logic Controller (all versions)Modicon M200 Logic Controller (all versions)Modicon M221 Logic Controller (all versions)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "SoMachine Basic (all versions)EcoStruxure Machine Expert – Basic (all versions)Modicon M100 Logic Controller (all versions)Modicon M200 Logic Controller (all versions)Modicon M221 Logic Controller (all versions)"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2020-105-01