CVE-2020-7538

Name of the Vulnerable Software and Affected Versions EcoStruxure Control Expert (all versions)

Description A vulnerability exists in the PLC Simulator of EcoStruxure Control Expert software, related to improper check for unusual or exceptional conditions. This issue could cause a crash of the PLC simulator when receiving a specially crafted request over Modbus. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For all versions, consider disabling the Modbus communication protocol temporarily until a patch is available to prevent potential crashes of the PLC simulator. Restrict access to the PLC simulator to minimize the risk of exploitation. Avoid using specially crafted requests over Modbus until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.