← Back

CVE-2020-7489

nvd nist
Published: Apr 22, 2020Modified: May 28, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

Affected (5)

Schneider Electric
5 products
Ecostruxure Machine Expert
Somachine Basic
Modicon M100 Firmware
Modicon M200 Firmware
Modicon M221 Firmware
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ecostruxure Machine Expert
All versions
Somachine Basic
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M100 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M200 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M200
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M221 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M221
All versions

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

Source: cybersecurity@se.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.