PT-2020-6316 · Schneider Electric · Ecostruxure Control Expert

Published

2020-11-19

Updated

2022-01-31

CVE-2020-28211

CVSS v2.0

6.6

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions EcoStruxure Control Expert (all versions)

Description A vulnerability exists in the PLC Simulator of EcoStruxure Control Expert that could cause bypass of authentication when overwriting memory using a debugger. This issue is related to incorrect authorization.

Recommendations For all versions, consider disabling the debugger functionality as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to the PLC Simulator to minimize the risk of unauthorized access.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2021-04172

CVE-2020-28211

Affected Products

Ecostruxure Control Expert

PT-2020-6316 · Schneider Electric · Ecostruxure Control Expert

CVE-2020-28211

Weakness Enumeration

Related Identifiers

Affected Products

References · 7