CVE-2020-7559

EUVD-2020-28684
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
schneider-electricecostruxure_control_expert
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-315-07
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140
https://www.se.com/ww/en/download/document/SEVD-2020-315-07
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140