Vulnerability Description
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | EcoStruxure Machine Expert | All versions |
| Schneider-Electric | SoMachine Basic | All versions |
| Schneider-Electric | Modicon M100 Firmware | All versions |
| Schneider-Electric | Modicon M100 | - |
| Schneider-Electric | Modicon M200 Firmware | All versions |
| Schneider-Electric | Modicon M200 | - |
| Schneider-Electric | Modicon M221 Firmware | All versions |
| Schneider-Electric | Modicon M221 | - |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2020-105-01 (Patch, Vendor Advisory)
FAQ
What is CVE-2020-7489?
CVE-2020-7489 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming s...
How severe is CVE-2020-7489?
CVE-2020-7489 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7489?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric EcoStruxure Machine Expert, Schneider-Electric SoMachine Basic, Schneider-Electric Modicon M100 Firmware, Schneider-Electric Modicon M100, Schneider-Electric Modicon M200 Firmware.