First published: Mon Mar 23 2020
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Andover Continuum 9680 Firmware | ||
Schneider-electric Andover Continuum 9680 | ||
Schneider-electric Andover Continuum 5740 Firmware | ||
Schneider-electric Andover Continuum 5740 | ||
Schneider-electric Andover Continuum 5720 Firmware | ||
Schneider-electric Andover Continuum 5720 | ||
Schneider-electric Andover Continuum Bcx4040 Firmware | ||
Schneider-electric Andover Continuum Bcx4040 | ||
Schneider-electric Andover Continuum Bcx9640 Firmware | ||
Schneider-electric Andover Continuum Bcx9640 | ||
Schneider-electric Andover Continuum 9900 Firmware | ||
Schneider-electric Andover Continuum 9900 | ||
Schneider-electric Andover Continuum 9940 Firmware | ||
Schneider-electric Andover Continuum 9940 | ||
Schneider-electric Andover Continuum 9941 Firmware | ||
Schneider-electric Andover Continuum 9941 | ||
Schneider-electric Andover Continuum 9924 Firmware | ||
Schneider-electric Andover Continuum 9924 | ||
Schneider-electric Andover Continuum 9702 Firmware | ||
Schneider-electric Andover Continuum 9702 | ||
Schneider-electric Andover Continuum 9200 Firmware | ||
Schneider-electric Andover Continuum 9200 | ||
The vulnerability ID for this issue is CVE-2020-7480.
The severity level of CVE-2020-7480 is critical, with a severity value of 9.8.
The affected software for CVE-2020-7480 is Schneider-electric Andover Continuum (All versions).
The vulnerability CVE-2020-7480 is an Improper Control of Generation of Code ('Code Injection') vulnerability that could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
To fix the vulnerability CVE-2020-7480, it is recommended to apply the latest security patch provided by Schneider-electric.