Details of VAR-202011-0885

ID

VAR-202011-0885

CVE

CVE-2020-28213

TITLE

Schneider Electric Made PLC Simulator for EcoStruxure Control Expert Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009547

DESCRIPTION

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. PLC Simulator for EcoStruxure Control Expert and PLC Simulator for Unity Pro Is vulnerable to several vulnerabilities: ‥ * Buffer overflow (CWE-120) - CVE-2020-7559 ‥ * Improper checking in exceptional conditions of the program (CWE-754) - CVE-2020-7538 ‥ * Illegal authentication (CWE-863) - CVE-2020-28211 ‥ * Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-28212 ‥ * Incomplete integrity verification of downloaded code (CWE-494) - CVE-2020-28213The expected impact depends on each vulnerability, but it may be affected as follows. ‥ * By a remote third party Modbus If you send a specially crafted request via EcoStruxure Control Expert of PLC Simulator Is crashed - CVE-2020-7559 , CVE-2020-7538 ‥ * Authentication is bypassed if the memory is overwritten by a local third party using the debugger - CVE-2020-28211 ‥ * By a remote third party Modbus Brute force attack via brute force executes unauthorized commands - CVE-2020-28212 ‥ * By a remote third party Modbus If a specially crafted request is sent via, an unauthorized command will be executed - CVE-2020-28213. Schneider Electric EcoStruxure Control Expert is a universal programming, debugging and operating software for Modicon M340, M580, M580S, Premium, Momentum and Quantum series. Schneider Electric EcoStruxure Control Expert has a command execution vulnerability. Attackers can use this vulnerability to execute commands by sending specially crafted requests through Modbus

Trust: 2.16

sources: NVD: CVE-2020-28213 // JVNDB: JVNDB-2020-009547 // CNVD: CNVD-2021-29462

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-29462

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure control expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	plc simulator	scope:	eq	version:	for ecostruxure control expert 全て	Trust: 0.8
vendor:	schneider electric	model:	plc simulator	scope:	eq	version:	for unity pro (旧称：ecostruxure control expert) 全て	Trust: 0.8
vendor:	schneider	model:	electric ecostruxure control expert	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-29462 // JVNDB: JVNDB-2020-009547 // NVD: CVE-2020-28213

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-009547
value:	HIGH
Trust: 2.4
IPA:	JVNDB-2020-009547
value:	CRITICAL
Trust: 1.6
nvd@nist.gov:	CVE-2020-28213
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-29462
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202011-1679
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-28213
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-29462
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-28213
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-009547
baseSeverity:	CRITICAL
baseScore:	10
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-29462 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1679 // NVD: CVE-2020-28213

PROBLEMTYPE DATA

problemtype:	CWE-494	Trust: 1.8
problemtype:	CWE-307	Trust: 0.8
problemtype:	CWE-120	Trust: 0.8
problemtype:	CWE-863	Trust: 0.8
problemtype:	CWE-754	Trust: 0.8

sources: JVNDB: JVNDB-2020-009547 // NVD: CVE-2020-28213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1679

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1679

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009547

PATCH

title:	EcoStruxure Control Expert	url:	https://www.se.com/ww/en/product-range-download/548-ecostruxure%E2%84%A2-control-expert/?parent-subcategory-id=3950&filter=business-1-industrial-automation-and-control&selected-node-id=12365959203#/software-firmware-tab	Trust: 0.8
title:	Security Notification - PLC Simulator on EcoStruxure™ Control Expert	url:	https://www.se.com/ww/en/download/document/SEVD-2020-315-07/	Trust: 0.8
title:	Patch for Schneider Electric EcoStruxure Control Expert command execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/259521	Trust: 0.6
title:	Schneider Electric Unity Pro Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137120	Trust: 0.6

sources: CNVD: CNVD-2021-29462 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1679

EXTERNAL IDS

db:	NVD	id:	CVE-2020-28213	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-315-07	Trust: 1.6
db:	ICS CERT	id:	ICSA-20-315-03	Trust: 0.8
db:	JVN	id:	JVNVU92857198	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009547	Trust: 0.8
db:	CNVD	id:	CNVD-2021-29462	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1679	Trust: 0.6

sources: CNVD: CNVD-2021-29462 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1679 // NVD: CVE-2020-28213

REFERENCES

url:	https://www.se.com/ww/en/download/document/sevd-2020-315-07	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28213	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7559	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7538	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28211	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28212	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28213	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-315-03	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92857198/	Trust: 0.8

sources: CNVD: CNVD-2021-29462 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1679 // NVD: CVE-2020-28213

SOURCES

db:	CNVD	id:	CNVD-2021-29462
db:	JVNDB	id:	JVNDB-2020-009547
db:	CNNVD	id:	CNNVD-202011-1679
db:	NVD	id:	CVE-2020-28213

LAST UPDATE DATE

2024-08-14T13:54:25.492000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-29462	date:	2021-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009547	date:	2020-11-12T06:49:50
db:	CNNVD	id:	CNNVD-202011-1679	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-28213	date:	2022-01-31T19:33:27.457

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-29462	date:	2021-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009547	date:	2020-11-12T06:49:50
db:	CNNVD	id:	CNNVD-202011-1679	date:	2020-11-19T00:00:00
db:	NVD	id:	CVE-2020-28213	date:	2020-11-19T22:15:13.597