var-202011-0885
Vulnerability from variot
A CWE-494 (Download of Code Without Integrity Check) vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when specially crafted requests are sent over Modbus. PLC Simulator for EcoStruxure Control Expert and PLC Simulator for Unity Pro are affected by several vulnerabilities:
* Buffer overflow (CWE-120) - CVE-2020-7559
* Improper check for unusual or exceptional conditions (CWE-754) - CVE-2020-7538
* Incorrect authorization (CWE-863) - CVE-2020-28211
* Improper restriction of excessive authentication attempts (CWE-307) - CVE-2020-28212
* Download of code without integrity check (CWE-494) - CVE-2020-28213

The expected impact depends on the vulnerability:
* A remote third party can crash the PLC Simulator of EcoStruxure Control Expert by sending a specially crafted request via Modbus - CVE-2020-7559, CVE-2020-7538
* Authentication is bypassed if a local third party overwrites memory using a debugger - CVE-2020-28211
* A remote third party can execute unauthorized commands by mounting a brute-force attack via Modbus - CVE-2020-28212
* A remote third party can execute unauthorized commands by sending a specially crafted request via Modbus - CVE-2020-28213

This record is keyed to CVE-2020-28213; the other four CVE IDs appear to be listed because the JVNDB source (JVNDB-2020-009547) covers the vulnerabilities together, so the CVSS scores in the record should be matched to the individual CVE before being used for prioritization.

Schneider Electric EcoStruxure Control Expert is a universal programming, debugging and operating software for Modicon M340, M580, M580S, Premium, Momentum and Quantum series.
Schneider Electric EcoStruxure Control Expert has a command execution vulnerability. Attackers can exploit this vulnerability to execute commands by sending specially crafted requests through Modbus.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202011-0885", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "plc simulator", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "for ecostruxure control expert \u5168\u3066" }, { 
"model": "plc simulator", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "for unity pro (\u65e7\u79f0\uff1aecostruxure control expert) \u5168\u3066" }, { "model": "electric ecostruxure control expert", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "NVD", "id": "CVE-2020-28213" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:plc_simulator", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-009547" } ] }, "cve": "CVE-2020-28213", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2020-28213", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": 
"AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2021-29462", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-28213", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 10, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-009547", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-009547", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "None", "baseScore": 7.4, "baseSeverity": "High", 
"confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-009547", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-009547", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-009547", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "IPA", "id": "JVNDB-2020-009547", "trust": 2.4, "value": "High" }, { "author": "IPA", "id": "JVNDB-2020-009547", "trust": 1.6, "value": "Critical" }, { "author": "nvd@nist.gov", "id": "CVE-2020-28213", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-29462", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202011-1679", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "CNNVD", "id": 
"CNNVD-202011-1679" }, { "db": "NVD", "id": "CVE-2020-28213" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. PLC Simulator for EcoStruxure Control Expert and PLC Simulator for Unity Pro Is vulnerable to several vulnerabilities: \u2025 * Buffer overflow (CWE-120) - CVE-2020-7559 \u2025 * Improper checking in exceptional conditions of the program (CWE-754) - CVE-2020-7538 \u2025 * Illegal authentication (CWE-863) - CVE-2020-28211 \u2025 * Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-28212 \u2025 * Incomplete integrity verification of downloaded code (CWE-494) - CVE-2020-28213The expected impact depends on each vulnerability, but it may be affected as follows. \u2025 * By a remote third party Modbus If you send a specially crafted request via EcoStruxure Control Expert of PLC Simulator Is crashed - CVE-2020-7559 , CVE-2020-7538 \u2025 * Authentication is bypassed if the memory is overwritten by a local third party using the debugger - CVE-2020-28211 \u2025 * By a remote third party Modbus Brute force attack via brute force executes unauthorized commands - CVE-2020-28212 \u2025 * By a remote third party Modbus If a specially crafted request is sent via, an unauthorized command will be executed - CVE-2020-28213. Schneider Electric EcoStruxure Control Expert is a universal programming, debugging and operating software for Modicon M340, M580, M580S, Premium, Momentum and Quantum series. \n\r\n\r\nSchneider Electric EcoStruxure Control Expert has a command execution vulnerability. 
Attackers can use this vulnerability to execute commands by sending specially crafted requests through Modbus", "sources": [ { "db": "NVD", "id": "CVE-2020-28213" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "CNVD", "id": "CNVD-2021-29462" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-28213", "trust": 3.0 }, { "db": "SCHNEIDER", "id": "SEVD-2020-315-07", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-20-315-03", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92857198", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-009547", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-29462", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202011-1679", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "CNNVD", "id": "CNNVD-202011-1679" }, { "db": "NVD", "id": "CVE-2020-28213" } ] }, "id": "VAR-202011-0885", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" } ], "trust": 1.2287037 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" } ] }, "last_update_date": "2024-11-23T22:25:15.559000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "EcoStruxure Control Expert", "trust": 0.8, "url": "https://www.se.com/ww/en/product-range-download/548-ecostruxure%E2%84%A2-control-expert/?parent-subcategory-id=3950\u0026filter=business-1-industrial-automation-and-control\u0026selected-node-id=12365959203#/software-firmware-tab" }, { "title": "Security Notification - PLC Simulator on EcoStruxure\u0026#8482; Control Expert", "trust": 0.8, "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-07/" }, { "title": "Patch for Schneider Electric EcoStruxure Control Expert command execution vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/259521" }, { "title": "Schneider Electric Unity Pro Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137120" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "CNNVD", "id": "CNNVD-202011-1679" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-494", "trust": 1.8 }, { "problemtype": "CWE-307", "trust": 0.8 }, { "problemtype": "CWE-120", "trust": 0.8 }, { "problemtype": "CWE-863", "trust": 0.8 }, { "problemtype": "CWE-754", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "NVD", "id": "CVE-2020-28213" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.se.com/ww/en/download/document/sevd-2020-315-07" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28213" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7559" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7538" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28211" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28212" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28213" }, { "trust": 0.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92857198/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-29462" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "CNNVD", "id": "CNNVD-202011-1679" }, { "db": "NVD", "id": "CVE-2020-28213" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-29462" }, { "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "db": "CNNVD", "id": "CNNVD-202011-1679" }, { "db": "NVD", "id": "CVE-2020-28213" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2021-29462" }, { "date": "2020-11-12T06:49:50", "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "date": "2020-11-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-1679" }, { "date": "2020-11-19T22:15:13.597000", "db": "NVD", "id": "CVE-2020-28213" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-19T00:00:00", "db": "CNVD", "id": "CNVD-2021-29462" }, { "date": "2020-11-12T06:49:50", "db": "JVNDB", "id": "JVNDB-2020-009547" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202011-1679" }, { "date": "2024-11-21T05:22:29.150000", "db": "NVD", "id": "CVE-2020-28213" } ] }, 
"threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-1679" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric Made PLC Simulator for EcoStruxure Control Expert Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-009547" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202011-1679" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.