A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
CPE | Name | Operator | Version |
---|---|---|---|
ecostruxure_operator_terminal_expert | eq | 3.1 | |
ecostruxure_operator_terminal_expert | eq | 3.1 sp1a | |
pro-face_blue | eq | 3.1 sp1a | |
pro-face_blue | eq | 3.1 |