CVE-2020-7480
CRITICALAndover Continuum - Code Injection via XML Processing
Title source: llmDescription
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-070-04/
Scores
CVSS v3
9.8
EPSS
0.0057
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (11)
schneider-electric/andover_continuum_5720_firmware
schneider-electric/andover_continuum_5740_firmware
schneider-electric/andover_continuum_9200_firmware
schneider-electric/andover_continuum_9680_firmware
schneider-electric/andover_continuum_9702_firmware
schneider-electric/andover_continuum_9900_firmware
schneider-electric/andover_continuum_9924_firmware
schneider-electric/andover_continuum_9940_firmware
schneider-electric/andover_continuum_9941_firmware
schneider-electric/andover_continuum_bcx4040_firmware
... and 1 more
Published
Mar 23, 2020
Tracked Since
Feb 18, 2026