CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
schneider-electricecostruxure_control_expert
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-315-07
https://www.se.com/ww/en/download/document/SEVD-2020-315-07