Details of VAR-202004-1857

ID

VAR-202004-1857

CVE

CVE-2020-7487

TITLE

plural Modicon Inadequate validation vulnerabilities for data reliability in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-004731

DESCRIPTION

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. plural Modicon The product contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company

Trust: 2.25

sources: NVD: CVE-2020-7487 // JVNDB: JVNDB-2020-004731 // CNVD: CNVD-2021-25703 // VULHUB: VHN-185612

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-25703

AFFECTED PRODUCTS

vendor:	schneider	model:	electric modicon m241	scope:	-	version:	-	Trust: 1.2
vendor:	schneider electric	model:	somachine	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	somachine motion	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure machine expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m251	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m258	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m218	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m241	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure machine expert	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m218	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m241	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m251	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m258	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	somachine	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	somachine motion	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m218	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m258	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-25703 // JVNDB: JVNDB-2020-004731 // NVD: CVE-2020-7487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7487
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-004731
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-25703
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202004-1944
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-185612
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-7487
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004731
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-25703
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-185612
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7487
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004731
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-25703 // VULHUB: VHN-185612 // JVNDB: JVNDB-2020-004731 // CNNVD: CNNVD-202004-1944 // NVD: CVE-2020-7487

PROBLEMTYPE DATA

problemtype:

CWE-345

Trust: 1.9

sources: VULHUB: VHN-185612 // JVNDB: JVNDB-2020-004731 // NVD: CVE-2020-7487

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1944

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-1944

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004731

PATCH

title:	SEVD-2020-105-02	url:	https://www.se.com/ww/en/download/document/SEVD-2020-105-02/	Trust: 0.8
title:	Patch for Data forgery vulnerabilities in multiple Schneider Electric products	url:	https://www.cnvd.org.cn/patchInfo/show/256506	Trust: 0.6
title:	Multiple Schneider Electric Product data falsification issues	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117008	Trust: 0.6

sources: CNVD: CNVD-2021-25703 // JVNDB: JVNDB-2020-004731 // CNNVD: CNNVD-202004-1944

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7487	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2020-105-02	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004731	Trust: 0.8
db:	CNVD	id:	CNVD-2021-25703	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-1944	Trust: 0.7
db:	VULHUB	id:	VHN-185612	Trust: 0.1

sources: CNVD: CNVD-2021-25703 // VULHUB: VHN-185612 // JVNDB: JVNDB-2020-004731 // CNNVD: CNNVD-202004-1944 // NVD: CVE-2020-7487

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7487	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-105-02	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7487	Trust: 0.8

sources: CNVD: CNVD-2021-25703 // VULHUB: VHN-185612 // JVNDB: JVNDB-2020-004731 // CNNVD: CNNVD-202004-1944 // NVD: CVE-2020-7487

SOURCES

db:	CNVD	id:	CNVD-2021-25703
db:	VULHUB	id:	VHN-185612
db:	JVNDB	id:	JVNDB-2020-004731
db:	CNNVD	id:	CNNVD-202004-1944
db:	NVD	id:	CVE-2020-7487

LAST UPDATE DATE

2024-11-23T22:21:12.206000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-25703	date:	2021-04-08T00:00:00
db:	VULHUB	id:	VHN-185612	date:	2022-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-004731	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-1944	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7487	date:	2024-11-21T05:37:14.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-25703	date:	2021-04-08T00:00:00
db:	VULHUB	id:	VHN-185612	date:	2020-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-004731	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-1944	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2020-7487	date:	2020-04-22T19:15:11.653