PT-2020-6280 · Schneider Electric · Unity Pro+3

Published: 2020-03-20 · Updated: 2022-02-03 · CVE-2020-7475

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EcoStruxure Control Expert versions prior to 14.1 Hot Fix
Unity Pro versions (all versions)
Modicon M340 versions prior to V3.20
Modicon M580 versions prior to V3.10

Description

A vulnerability exists due to the improper neutralization of special elements in output used by a downstream component, which could allow attackers to transfer malicious code to the controller. This issue affects programmable logic controllers (PLCs) used in various production environments to automate technological processes. The vulnerability can be exploited to gain control over the PLC and use it as an intermediate point to access the internal technological network.

Recommendations

For EcoStruxure Control Expert versions prior to 14.1 Hot Fix, update to version 14.1 Hot Fix or later.
For Unity Pro versions, there is no information about a newer version that contains a fix for this vulnerability.
For Modicon M340 versions prior to V3.20, update to version V3.20 or later.
For Modicon M580 versions prior to V3.10, update to version V3.10 or later.

As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2021-03844
CVE-2020-7475

Affected Products

EcoStruxure Control Expert
Modicon M340
Modicon M580
Unity Pro