CVE-2020-28213

HIGH

Schneider-electric Ecostruxure Contro... - Download Without Integrity Check

Title source: rule

Description

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

References (1)

[Patch, Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2020-315-07

Scores

CVSS v3 8.8

EPSS 0.0035

EPSS Percentile 57.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

schneider-electric/ecostruxure_control_expert

Published Nov 19, 2020

Tracked Since Feb 18, 2026