Buffer Overflow Vulnerability in EcoStruxure Control Expert by Schneider Electric
CVE-2020-7559
7.5 HIGH
Summary
A buffer overflow vulnerability exists in the PLC Simulator component of EcoStruxure Control Expert, formerly known as Unity Pro. This flaw can be exploited by sending specially crafted requests over the Modbus protocol, potentially leading to a crash of the PLC simulator. It highlights the importance of careful input size validation to prevent unexpected behavior and system instability.
Affected Version(s)
PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions)
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved