What is CVE-2020-7496?

CVE-2020-7496 is a vulnerability that allows unauthorized write access in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior.

What is the severity of CVE-2020-7496?

The severity of CVE-2020-7496 is high with a CVSS score of 7.8.

How does CVE-2020-7496 work?

CVE-2020-7496 exploits an argument injection or modification vulnerability in EcoStruxure Operator Terminal Expert, allowing unauthorized write access when opening the project file.

What software versions are affected by CVE-2020-7496?

EcoStruxure Operator Terminal Expert versions 3.0, 3.1, and 3.1 Service Pack 1 are affected by CVE-2020-7496.

How can I fix CVE-2020-7496?

To fix CVE-2020-7496, users should update EcoStruxure Operator Terminal Expert to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2020-7496

high

7.8

CWE

16/6/2020

4/8/2024

CVE-2020-7496

First published: Tue Jun 16 2020(Updated: )

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.

Credit: cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider Electric EcoStruxure Operator Terminal Expert	<=3.0
Schneider Electric EcoStruxure Operator Terminal Expert	=3.1
Schneider Electric EcoStruxure Operator Terminal Expert	=3.1-sp1

Never miss a vulnerability like this again

Reference Links

https://www.se.com/ww/en/download/document/SEVD-2020-133-04

Frequently Asked Questions

What is CVE-2020-7496?
CVE-2020-7496 is a vulnerability that allows unauthorized write access in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior.
What is the severity of CVE-2020-7496?
The severity of CVE-2020-7496 is high with a CVSS score of 7.8.
How does CVE-2020-7496 work?
CVE-2020-7496 exploits an argument injection or modification vulnerability in EcoStruxure Operator Terminal Expert, allowing unauthorized write access when opening the project file.
What software versions are affected by CVE-2020-7496?
EcoStruxure Operator Terminal Expert versions 3.0, 3.1, and 3.1 Service Pack 1 are affected by CVE-2020-7496.
How can I fix CVE-2020-7496?
To fix CVE-2020-7496, users should update EcoStruxure Operator Terminal Expert to a version that is not affected by the vulnerability.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/se
canonical/schneider electric ecostruxure operator terminal expert
version/schneider electric ecostruxure operator terminal expert/3.0
version/schneider electric ecostruxure operator terminal expert/3.1
version/schneider electric ecostruxure operator terminal expert/3.1-sp1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.