Vulnerability Details CVE-2020-28211
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2020-28211
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:-
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.0
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.2
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.3
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:16.0