Vulnerability Details CVE-2020-7489
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-7489
-
cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:-
-
cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:2.0
-
cpe:2.3:a:schneider-electric:somachine_basic:-
-
cpe:2.3:a:schneider-electric:somachine_basic:1.0
-
cpe:2.3:a:schneider-electric:somachine_basic:1.1
-
cpe:2.3:a:schneider-electric:somachine_basic:1.2
-
cpe:2.3:a:schneider-electric:somachine_basic:1.3
-
cpe:2.3:a:schneider-electric:somachine_basic:1.4
-
cpe:2.3:a:schneider-electric:somachine_basic:1.5
-
cpe:2.3:a:schneider-electric:somachine_basic:1.5.0.1
-
cpe:2.3:a:schneider-electric:somachine_basic:1.6
-
cpe:2.3:h:schneider-electric:modicon_m100:-
-
cpe:2.3:h:schneider-electric:modicon_m200:-
-
cpe:2.3:h:schneider-electric:modicon_m221:-
-
cpe:2.3:o:schneider-electric:modicon_m100_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m200_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m221_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m221_firmware:1.1.1.5
-
cpe:2.3:o:schneider-electric:modicon_m221_firmware:1.10.0.0
-
cpe:2.3:o:schneider-electric:modicon_m221_firmware:1.6.2.0