Code injection

2023-06-1408:15:00

PRIOn knowledge base

www.prio-n.com

cwe-94

improper control

generation of code

vulnerability

execution

malicious code

local filesystem

hmi

0.0004 Low

EPSS

Percentile

16.1%

JSON

A CWE-94: Improper Control of Generation of Code (‘Code Injection’) vulnerability exists that
could cause execution of malicious code when an unsuspicious user loads a project file from the
local filesystem into the HMI.

CPENameOperatorVersion
ecostruxure_operator_terminal_experteq3.3
ecostruxure_operator_terminal_expertlt3.3
ecostruxure_operator_terminal_experteq3.3 sp1
pro-face_blueeq3.3
pro-face_bluelt3.3
pro-face_blueeq3.3 sp1

Name	Operator	Version
ecostruxure_operator_terminal_expert	eq	3.3
ecostruxure_operator_terminal_expert	lt	3.3
ecostruxure_operator_terminal_expert	eq	3.3 sp1
pro-face_blue	eq	3.3
pro-face_blue	lt	3.3
pro-face_blue	eq	3.3 sp1