CVE-2020-28213
First published: Thu Nov 19 2020(Updated: )
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Ecostruxure Control Expert |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-28213?
CVE-2020-28213 is a Download of Code Without Integrity Check vulnerability that exists in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) that could cause unauthorized command execution.
What is the severity of CVE-2020-28213?
The severity of CVE-2020-28213 is high with a CVSS score of 8.8.
Which software is affected by CVE-2020-28213?
EcoStruxure Control Expert (now Unity Pro) is affected by CVE-2020-28213.
How can CVE-2020-28213 be exploited?
CVE-2020-28213 can be exploited by sending specially crafted requests over Modbus.
Is there a fix available for CVE-2020-28213?
Yes, a fix is available. Refer to the vendor's website for more information.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric ecostruxure control expert