Write-What-Where Condition Vulnerability in EcoStruxure Control Expert and Unity Pro
CVE-2020-7560

8.6HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ Control Expert (all Versions) And Unity Pro (former Name Of Ecostruxure™ Control Expert) (all Versions)
Vendor: CVE Published:; 11 December 2020

Summary

A Write-What-Where Condition vulnerability exists in EcoStruxure Control Expert and Unity Pro, which can lead to software crashes or the execution of unintended code when a malicious file is opened. This risk necessitates immediate attention to ensure system integrity and protect against potential exploits.

Affected Version(s)

EcoStruxure™ Control Expert (all ) and Unity Pro (former name of EcoStruxure™ Control Expert) (all ) EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-01/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Jan 21, 2020