PT-2020-6301 · Schneider Electric · Ecostruxure Geo Scada Expert

Published: 2020-12-08 · Updated: 2020-12-16 · CVE-2020-28219

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EcoStruxure Geo SCADA Expert 2019 versions 81.7268.1 through 81.7578.1
EcoStruxure Geo SCADA Expert 2020 versions 83.7551.1 through 83.7578.1

Description

A vulnerability exists that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. This issue is related to insufficient protection of credentials, which may allow an attacker to gain unauthorized access to protected information.

Recommendations

For EcoStruxure Geo SCADA Expert 2019 versions 81.7268.1 through 81.7578.1, update to a version later than 81.7578.1 to resolve the issue.
For EcoStruxure Geo SCADA Expert 2020 versions 83.7551.1 through 83.7578.1, update to a version later than 83.7578.1 to resolve the issue.
As a temporary workaround, consider restricting access to Virtual ViewX to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2021-04097
CVE-2020-28219

Affected Products

Ecostruxure Geo Scada Expert