PT-2020-16947 · Schneider Electric · Ecostruxure Control Expert

Published: 2020-11-19 · Updated: 2022-01-31 · CVE-2020-28213

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

EcoStruxure™ Control Expert (now Unity Pro) (all versions)

Description

A CWE-494: Download of Code Without Integrity Check issue exists in the PLC Simulator that could cause unauthorized command execution when sending specially crafted requests over Modbus.

Recommendations

For all versions, consider restricting access to the Modbus protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the PLC Simulator functionality until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix


Weakness Enumeration

Related Identifiers

CVE-2020-28213

Affected Products

Ecostruxure Control Expert