Lucene search

[email protected]NVD:CVE-2020-7487

HistoryApr 22, 2020 - 7:15 p.m.

CVE-2020-7487

2020-04-2219:15:11

CWE-345

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

Affected configurations

Nvd

Node

schneider-electricecostruxure_machine_expert

schneider-electricsomachine

schneider-electricsomachine_motion

Node

schneider-electricmodicon_m218_firmware

AND

schneider-electricmodicon_m218Match-

Node

schneider-electricmodicon_m241_firmware

AND

schneider-electricmodicon_m241Match-

Node

schneider-electricmodicon_m251_firmware

AND

schneider-electricmodicon_m251Match-

Node

schneider-electricmodicon_m258_firmware

AND

schneider-electricmodicon_m258Match-

References

www.se.com/ww/en/download/document/SEVD-2020-105-02

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for NVD:CVE-2020-7487

prion1 nessus2 cve1 cvelist1