CRITICAL · 9.8

CVE-2020-7480

Vulnerability Description

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.

CVSS Score

9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Schneider-Electric | Andover Continuum 9680 Firmware | All versions
Schneider-Electric | Andover Continuum 9680 | -
Schneider-Electric | Andover Continuum 5740 Firmware | All versions
Schneider-Electric | Andover Continuum 5740 | -
Schneider-Electric | Andover Continuum 5720 Firmware | All versions
Schneider-Electric | Andover Continuum 5720 | -
Schneider-Electric | Andover Continuum Bcx4040 Firmware | All versions
Schneider-Electric | Andover Continuum Bcx4040 | -
Schneider-Electric | Andover Continuum Bcx9640 Firmware | All versions
Schneider-Electric | Andover Continuum Bcx9640 | -
Schneider-Electric | Andover Continuum 9900 Firmware | All versions
Schneider-Electric | Andover Continuum 9900 | -
Schneider-Electric | Andover Continuum 9940 Firmware | All versions
Schneider-Electric | Andover Continuum 9940 | -
Schneider-Electric | Andover Continuum 9941 Firmware | All versions
Schneider-Electric | Andover Continuum 9941 | -
Schneider-Electric | Andover Continuum 9924 Firmware | All versions
Schneider-Electric | Andover Continuum 9924 | -
Schneider-Electric | Andover Continuum 9702 Firmware | All versions
Schneider-Electric | Andover Continuum 9702 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-7480?

CVE-2020-7480 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.

How severe is CVE-2020-7480?

CVE-2020-7480 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-7480?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Andover Continuum 9680 Firmware, Schneider-Electric Andover Continuum 9680, Schneider-Electric Andover Continuum 5740 Firmware, Schneider-Electric Andover Continuum 5740, Schneider-Electric Andover Continuum 5720 Firmware.