CVE-2020-7560 — HIGH (8.6) — White Hats Nepal

Vulnerability Description

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Ecostruxure Control Expert	All versions
Schneider-Electric	Unity Pro	All versions

Related Weaknesses (CWE)

CWE-123

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-01/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-343-01/Vendor Advisory

FAQ

What is CVE-2020-7560?

CVE-2020-7560 is a vulnerability with a CVSS score of 8.6 (HIGH). A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a c...

How severe is CVE-2020-7560?

CVE-2020-7560 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7560?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Control Expert, Schneider-Electric Unity Pro.