CVE-2020-7489

CVSS 9.8 CRITICALEPSS 1.5%CWE-74

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

n/a · SoMachine Basic (all versions)EcoStruxure Machine Expert – Basic (all versions)Modicon M100 Logic Controller (all versions)Modicon M200 Logic Controller (all versions)Modicon M221 Logic Controller (all versions)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.se.com/ww/en/download/document/SEVD-2020-105-01