CVE-2020-28212

Published: Nov 19, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

Affected (1)

Products: Schneider Electric: Ecostruxure Control Expert

Schneider Electric

1 product

Ecostruxure Control Expert

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Control Expert	All versions

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2020-315-07

Source: cybersecurity@se.com

PatchVendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2020-315-07

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.