CVE-2020-7559

Name of the Vulnerable Software and Affected Versions EcoStruxure Control Expert (all versions)

Description A buffer copy without checking the size of input issue exists in the PLC Simulator of EcoStruxure Control Expert software. This could cause a crash of the PLC simulator when receiving a specially crafted request over Modbus. The issue allows a remote attacker to potentially cause a denial of service.

Recommendations For all versions, consider restricting access to the Modbus protocol until a fix is available. As a temporary workaround, disabling the PLC Simulator functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.