ID

VAR-202004-1859


CVE

CVE-2020-7489


TITLE

Injection vulnerabilities in EcoStruxure Machine Expert - Basic and SoMachine Basic programming software

Trust: 0.8

sources: JVNDB: JVNDB-2020-004963

DESCRIPTION

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller. It may be put into a denial-of-service (DoS) state. Schneider Electric EcoStruxure Machine Expert–Basic and SoMachine Basic are both products of Schneider Electric (France). Both are PLC configuration applications, mainly used for the configuration, programming and application debugging of programmable logic controllers.

Trust: 2.16

sources: NVD: CVE-2020-7489 // JVNDB: JVNDB-2020-004963 // CNVD: CNVD-2020-33244

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33244

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon m100, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m221, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: ecostruxure machine expert, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m200, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: somachine basic, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: ecostruxure machine expert, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m100, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m200, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m221, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: somachine basic, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric somachine basic, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric ecostruxure machine expert basic, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-33244 // JVNDB: JVNDB-2020-004963 // NVD: CVE-2020-7489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7489
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004963
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-33244
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1950
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-7489
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004963
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33244
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7489
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004963
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33244 // JVNDB: JVNDB-2020-004963 // CNNVD: CNNVD-202004-1950 // NVD: CVE-2020-7489

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2020-004963 // NVD: CVE-2020-7489

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1950

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1950

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004963

PATCH

title: SEVD-2020-105-01, url: https://www.se.com/ww/en/download/document/SEVD-2020-105-01/

Trust: 0.8

title: Patch for Schneider Electric EcoStruxure Machine Expert-Basic or SoMachine Basic injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/221581

Trust: 0.6

title: Schneider Electric EcoStruxure Machine Expert – Basic or SoMachine Basic Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117011

Trust: 0.6

sources: CNVD: CNVD-2020-33244 // JVNDB: JVNDB-2020-004963 // CNNVD: CNNVD-202004-1950

EXTERNAL IDS

db: NVD, id: CVE-2020-7489

Trust: 3.0

db: SCHNEIDER, id: SEVD-2020-105-01

Trust: 1.6

db: JVNDB, id: JVNDB-2020-004963

Trust: 0.8

db: CNVD, id: CNVD-2020-33244

Trust: 0.6

db: NSFOCUS, id: 46621

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1950

Trust: 0.6

sources: CNVD: CNVD-2020-33244 // JVNDB: JVNDB-2020-004963 // CNNVD: CNNVD-202004-1950 // NVD: CVE-2020-7489

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-7489

Trust: 2.0

url:https://www.se.com/ww/en/download/document/sevd-2020-105-01

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7489

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46621

Trust: 0.6

sources: CNVD: CNVD-2020-33244 // JVNDB: JVNDB-2020-004963 // CNNVD: CNNVD-202004-1950 // NVD: CVE-2020-7489

SOURCES

db: CNVD, id: CNVD-2020-33244
db: JVNDB, id: JVNDB-2020-004963
db: CNNVD, id: CNNVD-202004-1950
db: NVD, id: CVE-2020-7489

LAST UPDATE DATE

2024-11-23T22:11:29.823000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-33244, date: 2020-06-16T00:00:00
db: JVNDB, id: JVNDB-2020-004963, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-1950, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2020-7489, date: 2024-11-21T05:37:14.820

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-33244, date: 2020-06-15T00:00:00
db: JVNDB, id: JVNDB-2020-004963, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-1950, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2020-7489, date: 2020-04-22T19:15:11.777