Incorrect Authorization Vulnerability in EcoStruxure Control Expert by Schneider Electric
CVE-2020-28211

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Plc Simulator On Ecostruxureª Control Expert (now Unity Pro) (all Versions)
Vendor: CVE Published:; 19 November 2020

Summary

An incorrect authorization vulnerability in the PLC Simulator of EcoStruxure Control Expert allows attackers to bypass authentication mechanisms. This vulnerability could be exploited by manipulating memory through the use of a debugger, resulting in unauthorized access to the system. All versions of the product are affected, highlighting the need for immediate attention and remediation to enhance security.

Affected Version(s)

PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all ) PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-07

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2020
Vulnerability Reserved
Nov 5, 2020