PT-2020-6317 · Schneider Electric · EcoStruxure Control Expert

Published: 2020-11-19 · Updated: 2022-10-03 · CVE-2020-28212

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EcoStruxure Control Expert (all versions)

Description

The issue is related to the lack of restrictions on authentication attempts, which could allow a remote attacker to bypass the authentication procedure. This vulnerability may lead to unauthorized command execution when a brute force attack is performed over Modbus.

Recommendations

For all versions, consider implementing restrictions on excessive authentication attempts to prevent brute force attacks. As a temporary workaround, restrict access to the Modbus protocol to minimize the risk of exploitation. Avoid using the PLC Simulator on EcoStruxure Control Expert until a patch is available that addresses the improper restriction of excessive authentication attempts.

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

BDU:2021-04173
CVE-2020-28212

Affected Products

EcoStruxure Control Expert