HIGH🇵🇱 Wersja polska

CVE-2020-7560

CVSS 8.6v3.1pub. 2020-12-11upd. 2024-11-21

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Schneider Electric Ecostruxure Control Expert

    APP
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Unity Pro

    APP
    Schneider-Electric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2022-37300CRITICAL9.8ten sam produkt

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...

CVE-2022-26507CRITICAL9.8ten sam produkt

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...

CVE-2021-22779CRITICAL9.1ten sam produkt

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...

CVE-2020-28212CRITICAL9.8ten sam produkt

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...

CVE-2020-7475CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...

CVE-2020-7560 — Schneider-Electric — Ecostruxure Control Expert — HIGH — CVSS 8.6 | CVEbaza.pl