CVE-2020-7498
CRITICALUnity Loader and OS Loader - Use of Hard-coded Credentials
Title source: llmDescription
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-161-02
Scores
CVSS v3
9.8
EPSS
0.0049
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
schneider-electric/os_loader
schneider-electric/unity_loader
Published
Jun 16, 2020
Tracked Since
Feb 18, 2026