Details of VAR-202003-1441

ID

VAR-202003-1441

CVE

CVE-2020-7475

TITLE

plural Schneider Electric Product injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-003406

DESCRIPTION

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. plural Schneider Electric The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M580, etc. are all products of Schneider Electric in France. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is a set of programming software for Schneider Electric logic controller products. Many Schneider Electric products have injection vulnerabilities that attackers can use to send malicious code to the controller. The following products and versions are affected: EcoStruxure Control Expert 14.1 Hot Fix previous version; Unity Pro (full version); Modicon M340 V3.20 previous version; Modicon M580 V3.10 previous version

Trust: 2.79

sources: NVD: CVE-2020-7475 // JVNDB: JVNDB-2020-003406 // CNVD: CNVD-2020-23198 // IVD: 35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6 // IVD: 17a37300-5783-4a41-8124-fdbd46329f3c // IVD: c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31 // VULHUB: VHN-185600

IOT TAXONOMY

category:	['ICS']	sub_category:	-	Trust: 0.6
category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6

sources: IVD: 35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6 // IVD: 17a37300-5783-4a41-8124-fdbd46329f3c // IVD: c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31 // CNVD: CNVD-2020-23198

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m580	scope:	lt	version:	3.10	Trust: 1.0
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	lte	version:	14.0	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	eq	version:	14.1 hot fix	Trust: 0.8
vendor:	schneider electric	model:	modicon m340	scope:	eq	version:	3.20	Trust: 0.8
vendor:	schneider electric	model:	modicon m580	scope:	eq	version:	3.10	Trust: 0.8
vendor:	ecostruxure control expert	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	unity pro	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	modicon m340	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	modicon m580	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	schneider	model:	electric unity pro	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric ecostruxure control expert hot fix	scope:	lt	version:	14.1	Trust: 0.6
vendor:	schneider	model:	electric modicon m340	scope:	lt	version:	3.20	Trust: 0.6
vendor:	schneider	model:	electric modicon m580	scope:	lt	version:	3.10	Trust: 0.6

sources: IVD: 35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6 // IVD: 17a37300-5783-4a41-8124-fdbd46329f3c // IVD: c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31 // CNVD: CNVD-2020-23198 // JVNDB: JVNDB-2020-003406 // NVD: CVE-2020-7475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7475
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-003406
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-23198
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-1330
value:	CRITICAL
Trust: 0.6
IVD:	35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6
value:	HIGH
Trust: 0.2
IVD:	17a37300-5783-4a41-8124-fdbd46329f3c
value:	HIGH
Trust: 0.2
IVD:	c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31
value:	HIGH
Trust: 0.2
VULHUB:	VHN-185600
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-7475
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003406
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-23198
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	17a37300-5783-4a41-8124-fdbd46329f3c
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-185600
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7475
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003406
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6 // IVD: 17a37300-5783-4a41-8124-fdbd46329f3c // IVD: c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31 // CNVD: CNVD-2020-23198 // VULHUB: VHN-185600 // JVNDB: JVNDB-2020-003406 // CNNVD: CNNVD-202003-1330 // NVD: CVE-2020-7475

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.9

sources: VULHUB: VHN-185600 // JVNDB: JVNDB-2020-003406 // NVD: CVE-2020-7475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1330

TYPE

injection

Trust: 1.2

sources: IVD: 35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6 // IVD: 17a37300-5783-4a41-8124-fdbd46329f3c // IVD: c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31 // CNNVD: CNNVD-202003-1330

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003406

PATCH

title:	SEVD-2020-080-01	url:	https://www.se.com/ww/en/download/document/SEVD-2020-080-01/	Trust: 0.8
title:	Patch for Multiple Schneider Electric product injection vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/214305	Trust: 0.6
title:	Multiple Schneider Electric Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112775	Trust: 0.6

sources: CNVD: CNVD-2020-23198 // JVNDB: JVNDB-2020-003406 // CNNVD: CNNVD-202003-1330

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7475	Trust: 3.7
db:	SCHNEIDER	id:	SEVD-2020-080-01	Trust: 1.7
db:	CNVD	id:	CNVD-2020-23198	Trust: 1.3
db:	CNNVD	id:	CNNVD-202003-1330	Trust: 1.3
db:	JVNDB	id:	JVNDB-2020-003406	Trust: 0.8
db:	NSFOCUS	id:	46623	Trust: 0.6
db:	IVD	id:	35A9C5F0-4FF6-4832-9BFF-DD010F8FF4A6	Trust: 0.2
db:	IVD	id:	17A37300-5783-4A41-8124-FDBD46329F3C	Trust: 0.2
db:	IVD	id:	C6A4A266-58FD-48FF-B1ED-97CD3F6F2B31	Trust: 0.2
db:	VULHUB	id:	VHN-185600	Trust: 0.1

sources: IVD: 35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6 // IVD: 17a37300-5783-4a41-8124-fdbd46329f3c // IVD: c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31 // CNVD: CNVD-2020-23198 // VULHUB: VHN-185600 // JVNDB: JVNDB-2020-003406 // CNNVD: CNNVD-202003-1330 // NVD: CVE-2020-7475

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7475	Trust: 2.0
url:	http://www.se.com/ww/en/download/document/sevd-2020-080-01	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7475	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/46623	Trust: 0.6

sources: CNVD: CNVD-2020-23198 // VULHUB: VHN-185600 // JVNDB: JVNDB-2020-003406 // CNNVD: CNNVD-202003-1330 // NVD: CVE-2020-7475

SOURCES

db:	IVD	id:	35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6
db:	IVD	id:	17a37300-5783-4a41-8124-fdbd46329f3c
db:	IVD	id:	c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31
db:	CNVD	id:	CNVD-2020-23198
db:	VULHUB	id:	VHN-185600
db:	JVNDB	id:	JVNDB-2020-003406
db:	CNNVD	id:	CNNVD-202003-1330
db:	NVD	id:	CVE-2020-7475

LAST UPDATE DATE

2024-08-14T14:50:46.588000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-23198	date:	2020-04-17T00:00:00
db:	VULHUB	id:	VHN-185600	date:	2022-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-003406	date:	2020-04-15T00:00:00
db:	CNNVD	id:	CNNVD-202003-1330	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7475	date:	2022-02-03T16:10:44.177

SOURCES RELEASE DATE

db:	IVD	id:	35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6	date:	2020-03-23T00:00:00
db:	IVD	id:	17a37300-5783-4a41-8124-fdbd46329f3c	date:	2020-03-23T00:00:00
db:	IVD	id:	c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31	date:	2020-03-23T00:00:00
db:	CNVD	id:	CNVD-2020-23198	date:	2020-04-17T00:00:00
db:	VULHUB	id:	VHN-185600	date:	2020-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-003406	date:	2020-04-15T00:00:00
db:	CNNVD	id:	CNNVD-202003-1330	date:	2020-03-23T00:00:00
db:	NVD	id:	CVE-2020-7475	date:	2020-03-23T19:15:12.413