CVE-2020-7475
CRITICALEcoStruxure Control Expert <14.1, Unity Pro, Modicon M340 <3.20, M580 <3.10 - DLL Injection
Title source: llmDescription
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://www.se.com/ww/en/download/document/SEVD-2020-080-01
Scores
CVSS v3
9.8
EPSS
0.0057
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (4)
schneider-electric/ecostruxure_control_expert
< 14.0
schneider-electric/modicon_m340_firmware
< 3.20
schneider-electric/modicon_m580_firmware
< 3.10
schneider-electric/unity_pro
Published
Mar 23, 2020
Tracked Since
Feb 18, 2026