CVE-2020-7489
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
A CWE-74: Hay una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales en una Salida Utilizada por un Componente Descendente ('Injection') en el software de programación EcoStruxure Machine Expert – Basic o SoMachine Basic (versiones en notificación de seguridad). El resultado de esta vulnerabilidad, la sustitución de la DLL, que podría permitir la transferencia de código malicioso al controlador.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-21 CVE Reserved
- 2020-04-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-105-01 | 2022-01-31 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M100 Firmware Search vendor "Schneider-electric" for product "Modicon M100 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M100 Search vendor "Schneider-electric" for product "Modicon M100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M200 Firmware Search vendor "Schneider-electric" for product "Modicon M200 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M200 Search vendor "Schneider-electric" for product "Modicon M200" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M221 Firmware Search vendor "Schneider-electric" for product "Modicon M221 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M221 Search vendor "Schneider-electric" for product "Modicon M221" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Machine Expert Search vendor "Schneider-electric" for product "Ecostruxure Machine Expert" | * | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Somachine Basic Search vendor "Schneider-electric" for product "Somachine Basic" | * | - |
Affected
| ||||||