First published: Wed Apr 22 2020(Updated: )
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Ecostruxure Machine Expert | ||
Schneider-electric Somachine Basic | ||
Schneider-electric Modicon M100 Firmware | ||
Schneider-electric Modicon M100 | ||
Schneider-electric Modicon M200 Firmware | ||
Schneider-electric Modicon M200 | ||
Schneider-electric Modicon M221 Firmware | ||
Schneider-electric Modicon M221 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7489 is a CWE-74 vulnerability that affects EcoStruxure Machine Expert and SoMachine Basic programming software.
CVE-2020-7489 has a severity rating of 9.8 (Critical).
EcoStruxure Machine Expert and SoMachine Basic programming software versions mentioned in the security notification are affected by CVE-2020-7489.
CVE-2020-7489 manifests as a DLL substitution vulnerability.
You can find more information about CVE-2020-7489 at the following link: [https://www.se.com/ww/en/download/document/SEVD-2020-105-01](https://www.se.com/ww/en/download/document/SEVD-2020-105-01)