PT-2020-5595 · Schneider Electric · Unity Pro+1
Published
2020-12-06
·
Updated
2022-01-31
·
CVE-2020-7560
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EcoStruxure Control Expert (all versions)
Unity Pro (all versions)
Description
A Write-what-where Condition issue exists that could cause a crash of the software or unexpected code execution when opening a malicious file. This is related to a buffer overflow condition. Exploitation of this issue may allow an attacker to cause a denial of service or execute arbitrary code by opening a specially crafted file.
Recommendations
For EcoStruxure Control Expert (all versions), consider avoiding the use of malicious files until a patch is available.
For Unity Pro (all versions), consider avoiding the use of malicious files until a patch is available.
As a temporary workaround, consider restricting the opening of files from untrusted sources in EcoStruxure Control Expert software until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Control Expert
Unity Pro