Details of VAR-202011-1295

ID

VAR-202011-1295

CVE

CVE-2020-7559

TITLE

Schneider Electric Made PLC Simulator for EcoStruxure Control Expert Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009547

DESCRIPTION

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. PLC Simulator for EcoStruxure Control Expert and PLC Simulator for Unity Pro Is vulnerable to several vulnerabilities: ‥ * Buffer overflow (CWE-120) - CVE-2020-7559 ‥ * Improper checking in exceptional conditions of the program (CWE-754) - CVE-2020-7538 ‥ * Illegal authentication (CWE-863) - CVE-2020-28211 ‥ * Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-28212 ‥ * Incomplete integrity verification of downloaded code (CWE-494) - CVE-2020-28213The expected impact depends on each vulnerability, but it may be affected as follows. ‥ * By a remote third party Modbus If you send a specially crafted request via EcoStruxure Control Expert of PLC Simulator Is crashed - CVE-2020-7559 , CVE-2020-7538 ‥ * Authentication is bypassed if the memory is overwritten by a local third party using the debugger - CVE-2020-28211 ‥ * By a remote third party Modbus Brute force attack via brute force executes unauthorized commands - CVE-2020-28212 ‥ * By a remote third party Modbus If a specially crafted request is sent via, an unauthorized command will be executed - CVE-2020-28213

Trust: 1.62

sources: NVD: CVE-2020-7559 // JVNDB: JVNDB-2020-009547

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure control expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	plc simulator	scope:	eq	version:	for ecostruxure control expert 全て	Trust: 0.8
vendor:	schneider electric	model:	plc simulator	scope:	eq	version:	for unity pro (旧称：ecostruxure control expert) 全て	Trust: 0.8

sources: JVNDB: JVNDB-2020-009547 // NVD: CVE-2020-7559

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-009547
value:	HIGH
Trust: 2.4
IPA:	JVNDB-2020-009547
value:	CRITICAL
Trust: 1.6
NVD:	CVE-2020-7559
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202011-1675
value:	HIGH
Trust: 0.6

NVD:	CVE-2020-7559
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0

NVD:	CVE-2020-7559
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-009547
baseSeverity:	CRITICAL
baseScore:	10
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-009547
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1675 // NVD: CVE-2020-7559

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.8
problemtype:	CWE-494	Trust: 0.8
problemtype:	CWE-307	Trust: 0.8
problemtype:	CWE-863	Trust: 0.8
problemtype:	CWE-754	Trust: 0.8

sources: JVNDB: JVNDB-2020-009547 // NVD: CVE-2020-7559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1675

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1675

CONFIGURATIONS

sources: NVD: CVE-2020-7559

PATCH

title:	EcoStruxure Control Expert	url:	https://www.se.com/ww/en/product-range-download/548-ecostruxure%e2%84%a2-control-expert/?parent-subcategory-id=3950&filter=business-1-industrial-automation-and-control&selected-node-id=12365959203#/software-firmware-tab	Trust: 0.8
title:	Security Notification - PLC Simulator on EcoStruxure™ Control Expert	url:	https://www.se.com/ww/en/download/document/sevd-2020-315-07/	Trust: 0.8

sources: JVNDB: JVNDB-2020-009547

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7559	Trust: 2.4
db:	TALOS	id:	TALOS-2020-1140	Trust: 1.6
db:	SCHNEIDER	id:	SEVD-2020-315-07	Trust: 1.6
db:	ICS CERT	id:	ICSA-20-315-03	Trust: 0.8
db:	JVN	id:	JVNVU92857198	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009547	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-1675	Trust: 0.6

sources: JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1675 // NVD: CVE-2020-7559

REFERENCES

url:	https://www.se.com/ww/en/download/document/sevd-2020-315-07	Trust: 1.6
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2020-1140	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7559	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7538	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28211	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28212	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28213	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-315-03	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92857198/	Trust: 0.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2020-1140	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7559	Trust: 0.6

sources: JVNDB: JVNDB-2020-009547 // CNNVD: CNNVD-202011-1675 // NVD: CVE-2020-7559

SOURCES

db:	JVNDB	id:	JVNDB-2020-009547
db:	CNNVD	id:	CNNVD-202011-1675
db:	NVD	id:	CVE-2020-7559

LAST UPDATE DATE

2022-05-04T09:15:37.678000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-009547	date:	2020-11-12T06:49:50
db:	CNNVD	id:	CNNVD-202011-1675	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7559	date:	2022-02-03T13:48:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-009547	date:	2020-11-12T06:49:50
db:	CNNVD	id:	CNNVD-202011-1675	date:	2020-11-19T00:00:00
db:	NVD	id:	CVE-2020-7559	date:	2020-11-19T22:15:00