← back
CVE-2020-28221

CVE-2020-28221

EPSS 1.8%CWE-20
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
Affected products
n/a · EcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1A and prior running on Harmony HMIs HMIST6 Series, HMIG3U in HMIGTU Series, HMISTO Series and Pro-face BLUE 3.1 Service Pack 1A and prior running on Pro-face HMIs: ST6000 Series, SP-5B41 in SP5000 Series, GP4100 Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.se.com/ww/en/download/document/SEVD-2021-012-01/