PT-2020-2730 · Schneider Electric · EcoStruxure Operator Terminal Expert
Published 2020-05-13 · Updated 2020-06-17 · CVE-2020-7493
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
EcoStruxure Operator Terminal Expert versions 3.1 Service Pack 1 and prior
Description
The vulnerability stems from improper handling of VXDZ files combined with a SQL injection flaw, which could allow an attacker to execute arbitrary code via a specially crafted file or web page. In practice, malicious code may run when a user opens a crafted project file.
Recommendations
Users of EcoStruxure Operator Terminal Expert version 3.1 Service Pack 1 and prior should update to a release in which the improper handling of VXDZ files and the SQL injection vulnerability are fixed, preventing malicious code execution.
As a temporary workaround, consider restricting access to VXDZ files and project files to minimize the risk of exploitation.
Fix
SQL injection
OS Command Injection
Affected Products
EcoStruxure Operator Terminal Expert