Code Injection Vulnerability in Andover Continuum by Schneider Electric
CVE-2020-7480

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Andover Continuum (all Versions)
Vendor: CVE Published:; 23 March 2020

Summary

A code injection vulnerability exists in Andover Continuum, allowing an attacker to disrupt the application's processing of XML data. This disruption may render files on the application server filesystem accessible, posing significant security risks. It is crucial for users of Andover Continuum to implement necessary security measures to safeguard against potential unauthorized access to sensitive data.

Affected Version(s)

Andover Continuum (All ) Andover Continuum (All versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-070-04/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Jan 21, 2020