CVE-2020-7489
CRITICAL
EcoStruxure Machine Expert and SoMachine Basic - DLL Substitution via Improper Neutralization
Title source: llm
Description
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-105-01
Scores
CVSS v3
9.8
EPSS
0.0067
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (5)
schneider-electric/ecostruxure_machine_expert
schneider-electric/modicon_m100_firmware
schneider-electric/modicon_m200_firmware
schneider-electric/modicon_m221_firmware
schneider-electric/somachine_basic
Published
Apr 22, 2020
Tracked Since
Feb 18, 2026