CVE-2020-7480
 
Severity Score: 9.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
Credits: N/A
Timeline
- 2020-01-21 CVE Reserved
- 2020-03-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (1)
URL | Date | SRC |
---|---|---|
https://www.se.com/ww/en/download/document/SEVD-2020-070-04 | 2020-03-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Schneider-electric | Andover Continuum 9680 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9680 | - | - | Safe |
Schneider-electric | Andover Continuum 5740 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 5740 | - | - | Safe |
Schneider-electric | Andover Continuum 5720 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 5720 | - | - | Safe |
Schneider-electric | Andover Continuum Bcx4040 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum Bcx4040 | - | - | Safe |
Schneider-electric | Andover Continuum Bcx9640 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum Bcx9640 | - | - | Safe |
Schneider-electric | Andover Continuum 9900 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9900 | - | - | Safe |
Schneider-electric | Andover Continuum 9940 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9940 | - | - | Safe |
Schneider-electric | Andover Continuum 9941 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9941 | - | - | Safe |
Schneider-electric | Andover Continuum 9924 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9924 | - | - | Safe |
Schneider-electric | Andover Continuum 9702 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9702 | - | - | Safe |
Schneider-electric | Andover Continuum 9200 Firmware | * | - | Affected | in | Schneider-electric | Andover Continuum 9200 | - | - | Safe |