Details of VAR-202011-0884

ID

VAR-202011-0884

CVE

CVE-2020-28212

TITLE

Schneider Electric Made PLC Simulator for EcoStruxure Control Expert Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009547

DESCRIPTION

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. ‥ * By a remote third party Modbus If you send a specially crafted request via EcoStruxure Control Expert of PLC Simulator Is crashed - CVE-2020-7559 , CVE-2020-7538 ‥ * Authentication is bypassed if the memory is overwritten by a local third party using the debugger - CVE-2020-28211 ‥ * By a remote third party Modbus Brute force attack via brute force executes unauthorized commands - CVE-2020-28212 ‥ * By a remote third party Modbus If a specially crafted request is sent via, an unauthorized command will be executed - CVE-2020-28213. EcoStruxure Control Expert is the universal programming, debugging and operating software for Modicon M340, M580, M580S, Premium, Momentum and Quantum series. The PLC Simulator in EcoStruxure Control Expert has security vulnerabilities. Attackers can conduct brute force attacks through Modbus, which can exploit this vulnerability to execute commands without authorization

Trust: 2.25

sources: NVD: CVE-2020-28212 // JVNDB: JVNDB-2020-009547 // CNVD: CNVD-2021-29461 // VULMON: CVE-2020-28212

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-29461

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure control expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	plc simulator	scope:	eq	version:	for ecostruxure control expert 全て	Trust: 0.8
vendor:	schneider electric	model:	plc simulator	scope:	eq	version:	for unity pro (旧称：ecostruxure control expert) 全て	Trust: 0.8
vendor:	schneider	model:	electric ecostruxure control expert	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-29461 // JVNDB: JVNDB-2020-009547 // NVD: CVE-2020-28212

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-009547
value:	HIGH
Trust: 2.4
IPA:	JVNDB-2020-009547
value:	CRITICAL
Trust: 1.6
nvd@nist.gov:	CVE-2020-28212
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2021-29461
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202011-1690
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-28212
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-28212
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-29461
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-28212
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-009547
baseSeverity:	CRITICAL
baseScore:	10
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-29461 // VULMON: CVE-2020-28212 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1690 // NVD: CVE-2020-28212

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.8
problemtype:	CWE-494	Trust: 0.8
problemtype:	CWE-120	Trust: 0.8
problemtype:	CWE-863	Trust: 0.8
problemtype:	CWE-754	Trust: 0.8

sources: JVNDB: JVNDB-2020-009547 // NVD: CVE-2020-28212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1690

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202011-1690

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009547

PATCH

title:	EcoStruxure Control Expert	url:	https://www.se.com/ww/en/product-range-download/548-ecostruxure%E2%84%A2-control-expert/?parent-subcategory-id=3950&filter=business-1-industrial-automation-and-control&selected-node-id=12365959203#/software-firmware-tab	Trust: 0.8
title:	Security Notification - PLC Simulator on EcoStruxure™ Control Expert	url:	https://www.se.com/ww/en/download/document/SEVD-2020-315-07/	Trust: 0.8
title:	Patch for Schneider Electric EcoStruxure Control Expert has an unspecified vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/259516	Trust: 0.6
title:	Schneider Electric Unity Pro Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137123	Trust: 0.6
title:	Securelist	url:	https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/	Trust: 0.1

sources: CNVD: CNVD-2021-29461 // VULMON: CVE-2020-28212 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1690

EXTERNAL IDS

db:	NVD	id:	CVE-2020-28212	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2020-315-07	Trust: 1.7
db:	ICS CERT	id:	ICSA-20-315-03	Trust: 0.8
db:	JVN	id:	JVNVU92857198	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009547	Trust: 0.8
db:	CNVD	id:	CNVD-2021-29461	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1690	Trust: 0.6
db:	VULMON	id:	CVE-2020-28212	Trust: 0.1

sources: CNVD: CNVD-2021-29461 // VULMON: CVE-2020-28212 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1690 // NVD: CVE-2020-28212

REFERENCES

url:	https://www.se.com/ww/en/download/document/sevd-2020-315-07	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28212	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7559	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7538	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28211	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28212	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28213	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-315-03	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92857198/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/307.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/	Trust: 0.1

sources: CNVD: CNVD-2021-29461 // VULMON: CVE-2020-28212 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1690 // NVD: CVE-2020-28212

SOURCES

db:	CNVD	id:	CNVD-2021-29461
db:	VULMON	id:	CVE-2020-28212
db:	JVNDB	id:	JVNDB-2020-009547
db:	CNNVD	id:	CNNVD-202011-1690
db:	NVD	id:	CVE-2020-28212

LAST UPDATE DATE

2024-08-14T13:54:25.519000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-29461	date:	2021-04-19T00:00:00
db:	VULMON	id:	CVE-2020-28212	date:	2022-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-009547	date:	2020-11-12T06:49:50
db:	CNNVD	id:	CNNVD-202011-1690	date:	2021-07-12T00:00:00
db:	NVD	id:	CVE-2020-28212	date:	2022-01-31T19:33:27.450

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-29461	date:	2021-04-19T00:00:00
db:	VULMON	id:	CVE-2020-28212	date:	2020-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009547	date:	2020-11-12T06:49:50
db:	CNNVD	id:	CNNVD-202011-1690	date:	2020-11-19T00:00:00
db:	NVD	id:	CVE-2020-28212	date:	2020-11-19T22:15:13.490