A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2020-315-07 | Patch Vendor Advisory |
Configurations
History
31 Jan 2022, 19:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:* |
Information
Published : 2020-11-19 22:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-28213
Mitre link : CVE-2020-28213
CVE.ORG link : CVE-2020-28213
JSON object : View
Products Affected
schneider-electric
- ecostruxure_control_expert
CWE
CWE-494
Download of Code Without Integrity Check