Main Vulnerability Database Vulnerabilities #VU27383

#VU27383 Insufficient verification of data authenticity in Schneider Electric products - CVE-2020-7487

Published: April 28, 2020

Vulnerability identifier: #VU27383

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-7487

CWE-ID: CWE-345

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
EcoStruxure Machine Expert
SoMachine
SoMachine Motion
Modicon M218
Modicon M241
Modicon M251
Modicon M258

Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient verification of data authenticity issue. A remote attacker on the local network can execute arbitrary code on the Modicon controllers.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.se.com/ww/en/download/document/SEVD-2020-105-02

#VU27383 Insufficient verification of data authenticity in Schneider Electric products - CVE-2020-7487

Description

Remediation

External links

Please verify you're human