9.8
CVE-2020-28221
- EPSS 0.92%
- Published 26.01.2021 18:15:47
- Last modified 21.11.2024 05:22:30
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Ecostruxure Operator Terminal Expert Version3.1
Schneider-electric ≫ Hmi Sto 501 Version-
Schneider-electric ≫ Hmi Sto 511 Version-
Schneider-electric ≫ Hmi Sto 512 Version-
Schneider-electric ≫ Hmi Sto 531 Version-
Schneider-electric ≫ Hmi Sto 532 Version-
Schneider-electric ≫ Hmig3u Version-
Schneider-electric ≫ Hmig3x Version-
Schneider-electric ≫ Hmig5u Version-
Schneider-electric ≫ Hmig5u2 Version-
Schneider-electric ≫ Hmist6200 Version-
Schneider-electric ≫ Hmist6400 Version-
Schneider-electric ≫ Hmist6500 Version-
Schneider-electric ≫ Hmist6600 Version-
Schneider-electric ≫ Hmist6700 Version-
Schneider-electric ≫ Hmi Sto 511 Version-
Schneider-electric ≫ Hmi Sto 512 Version-
Schneider-electric ≫ Hmi Sto 531 Version-
Schneider-electric ≫ Hmi Sto 532 Version-
Schneider-electric ≫ Hmig3u Version-
Schneider-electric ≫ Hmig3x Version-
Schneider-electric ≫ Hmig5u Version-
Schneider-electric ≫ Hmig5u2 Version-
Schneider-electric ≫ Hmist6200 Version-
Schneider-electric ≫ Hmist6400 Version-
Schneider-electric ≫ Hmist6500 Version-
Schneider-electric ≫ Hmist6600 Version-
Schneider-electric ≫ Hmist6700 Version-
Schneider-electric ≫ Ecostruxure Operator Terminal Expert Version3.1 Updatesp1a
Schneider-electric ≫ Hmi Sto 501 Version-
Schneider-electric ≫ Hmi Sto 511 Version-
Schneider-electric ≫ Hmi Sto 512 Version-
Schneider-electric ≫ Hmi Sto 531 Version-
Schneider-electric ≫ Hmi Sto 532 Version-
Schneider-electric ≫ Hmig3u Version-
Schneider-electric ≫ Hmig3x Version-
Schneider-electric ≫ Hmig5u Version-
Schneider-electric ≫ Hmig5u2 Version-
Schneider-electric ≫ Hmist6200 Version-
Schneider-electric ≫ Hmist6400 Version-
Schneider-electric ≫ Hmist6500 Version-
Schneider-electric ≫ Hmist6600 Version-
Schneider-electric ≫ Hmist6700 Version-
Schneider-electric ≫ Hmi Sto 511 Version-
Schneider-electric ≫ Hmi Sto 512 Version-
Schneider-electric ≫ Hmi Sto 531 Version-
Schneider-electric ≫ Hmi Sto 532 Version-
Schneider-electric ≫ Hmig3u Version-
Schneider-electric ≫ Hmig3x Version-
Schneider-electric ≫ Hmig5u Version-
Schneider-electric ≫ Hmig5u2 Version-
Schneider-electric ≫ Hmist6200 Version-
Schneider-electric ≫ Hmist6400 Version-
Schneider-electric ≫ Hmist6500 Version-
Schneider-electric ≫ Hmist6600 Version-
Schneider-electric ≫ Hmist6700 Version-
Schneider-electric ≫ Pro-face Blue Version3.1
Schneider-electric ≫ Gp-4104g Version-
Schneider-electric ≫ Gp-4104w Version-
Schneider-electric ≫ Gp-4105g Version-
Schneider-electric ≫ Gp-4105w Version-
Schneider-electric ≫ Gp-4106g Version-
Schneider-electric ≫ Gp-4106w Version-
Schneider-electric ≫ Gp-4107g Version-
Schneider-electric ≫ Gp-4107w Version-
Schneider-electric ≫ Sp-5400wa Version-
Schneider-electric ≫ Sp-5500tp Version-
Schneider-electric ≫ Sp-5500wa Version-
Schneider-electric ≫ Sp-5600ta Version-
Schneider-electric ≫ Sp-5600tp Version-
Schneider-electric ≫ Sp-5600wa Version-
Schneider-electric ≫ Sp-5660tp Version-
Schneider-electric ≫ Sp-5700tp Version-
Schneider-electric ≫ Sp-5700wc Version-
Schneider-electric ≫ Sp-5800wc Version-
Schneider-electric ≫ Sp-5b00 Version-
Schneider-electric ≫ Sp-5b10 Version-
Schneider-electric ≫ Sp-5b41 Version-
Schneider-electric ≫ St-6200wa Version-
Schneider-electric ≫ St-6400wa Version-
Schneider-electric ≫ St-6500wa Version-
Schneider-electric ≫ St-6600wa Version-
Schneider-electric ≫ St-6700wa Version-
Schneider-electric ≫ Gp-4104w Version-
Schneider-electric ≫ Gp-4105g Version-
Schneider-electric ≫ Gp-4105w Version-
Schneider-electric ≫ Gp-4106g Version-
Schneider-electric ≫ Gp-4106w Version-
Schneider-electric ≫ Gp-4107g Version-
Schneider-electric ≫ Gp-4107w Version-
Schneider-electric ≫ Sp-5400wa Version-
Schneider-electric ≫ Sp-5500tp Version-
Schneider-electric ≫ Sp-5500wa Version-
Schneider-electric ≫ Sp-5600ta Version-
Schneider-electric ≫ Sp-5600tp Version-
Schneider-electric ≫ Sp-5600wa Version-
Schneider-electric ≫ Sp-5660tp Version-
Schneider-electric ≫ Sp-5700tp Version-
Schneider-electric ≫ Sp-5700wc Version-
Schneider-electric ≫ Sp-5800wc Version-
Schneider-electric ≫ Sp-5b00 Version-
Schneider-electric ≫ Sp-5b10 Version-
Schneider-electric ≫ Sp-5b41 Version-
Schneider-electric ≫ St-6200wa Version-
Schneider-electric ≫ St-6400wa Version-
Schneider-electric ≫ St-6500wa Version-
Schneider-electric ≫ St-6600wa Version-
Schneider-electric ≫ St-6700wa Version-
Schneider-electric ≫ Pro-face Blue Version3.1 Updatesp1a
Schneider-electric ≫ Gp-4104g Version-
Schneider-electric ≫ Gp-4104w Version-
Schneider-electric ≫ Gp-4105g Version-
Schneider-electric ≫ Gp-4105w Version-
Schneider-electric ≫ Gp-4106g Version-
Schneider-electric ≫ Gp-4106w Version-
Schneider-electric ≫ Gp-4107g Version-
Schneider-electric ≫ Gp-4107w Version-
Schneider-electric ≫ Sp-5400wa Version-
Schneider-electric ≫ Sp-5500tp Version-
Schneider-electric ≫ Sp-5500wa Version-
Schneider-electric ≫ Sp-5600ta Version-
Schneider-electric ≫ Sp-5600tp Version-
Schneider-electric ≫ Sp-5600wa Version-
Schneider-electric ≫ Sp-5660tp Version-
Schneider-electric ≫ Sp-5700tp Version-
Schneider-electric ≫ Sp-5700wc Version-
Schneider-electric ≫ Sp-5800wc Version-
Schneider-electric ≫ Sp-5b00 Version-
Schneider-electric ≫ Sp-5b10 Version-
Schneider-electric ≫ Sp-5b41 Version-
Schneider-electric ≫ St-6200wa Version-
Schneider-electric ≫ St-6400wa Version-
Schneider-electric ≫ St-6500wa Version-
Schneider-electric ≫ St-6600wa Version-
Schneider-electric ≫ St-6700wa Version-
Schneider-electric ≫ Gp-4104w Version-
Schneider-electric ≫ Gp-4105g Version-
Schneider-electric ≫ Gp-4105w Version-
Schneider-electric ≫ Gp-4106g Version-
Schneider-electric ≫ Gp-4106w Version-
Schneider-electric ≫ Gp-4107g Version-
Schneider-electric ≫ Gp-4107w Version-
Schneider-electric ≫ Sp-5400wa Version-
Schneider-electric ≫ Sp-5500tp Version-
Schneider-electric ≫ Sp-5500wa Version-
Schneider-electric ≫ Sp-5600ta Version-
Schneider-electric ≫ Sp-5600tp Version-
Schneider-electric ≫ Sp-5600wa Version-
Schneider-electric ≫ Sp-5660tp Version-
Schneider-electric ≫ Sp-5700tp Version-
Schneider-electric ≫ Sp-5700wc Version-
Schneider-electric ≫ Sp-5800wc Version-
Schneider-electric ≫ Sp-5b00 Version-
Schneider-electric ≫ Sp-5b10 Version-
Schneider-electric ≫ Sp-5b41 Version-
Schneider-electric ≫ St-6200wa Version-
Schneider-electric ≫ St-6400wa Version-
Schneider-electric ≫ St-6500wa Version-
Schneider-electric ≫ St-6600wa Version-
Schneider-electric ≫ St-6700wa Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.739 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.