CRITICAL🇬🇧 English

CVE-2020-28212

CVSS 9.8v3.1pub. 2020-11-19upd. 2024-11-21

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Ecostruxure Control Expert

    APP
    Schneider-Electric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-37300CRITICAL9.8ten sam produkt

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...

CVE-2022-26507CRITICAL9.8ten sam produkt

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...

CVE-2021-22779CRITICAL9.1ten sam produkt

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...

CVE-2020-7475CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...

CVE-2023-27975HIGH7.1ten sam produkt

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to th...