CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:sp1a:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:hmi_sto_501:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_511:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_512:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_531:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_532:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig3u:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig3x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig5u:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig5u2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6200:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6500:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6600:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:schneider-electric:pro-face_blue:3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:pro-face_blue:3.1:sp1a:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:gp-4104g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4104w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4105g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4105w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4106g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4106w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4107g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4107w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5400wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5500tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5500wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5600ta:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5600tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5600wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5660tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5700tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5700wc:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5800wc:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5b00:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5b10:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5b41:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6200wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6400wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6500wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6600wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6700wa:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:22

Type Values Removed Values Added
References () https://www.se.com/ww/en/download/document/SEVD-2021-012-01/ - Patch, Vendor Advisory () https://www.se.com/ww/en/download/document/SEVD-2021-012-01/ - Patch, Vendor Advisory

Information

Published : 2021-01-26 18:15

Updated : 2024-11-21 05:22


NVD link : CVE-2020-28221

Mitre link : CVE-2020-28221

CVE.ORG link : CVE-2020-28221


JSON object : View

Products Affected

schneider-electric

  • hmist6200
  • gp-4107g
  • sp-5800wc
  • gp-4104g
  • st-6200wa
  • sp-5700wc
  • hmist6700
  • hmist6600
  • hmist6400
  • pro-face_blue
  • hmig3x
  • gp-4107w
  • sp-5660tp
  • sp-5500wa
  • sp-5700tp
  • hmi_sto_531
  • hmi_sto_512
  • st-6400wa
  • sp-5b00
  • ecostruxure_operator_terminal_expert
  • sp-5400wa
  • st-6500wa
  • gp-4105w
  • sp-5600wa
  • sp-5b10
  • hmi_sto_501
  • hmig5u2
  • st-6700wa
  • st-6600wa
  • hmi_sto_511
  • hmist6500
  • hmig3u
  • gp-4105g
  • hmig5u
  • sp-5600ta
  • gp-4104w
  • sp-5b41
  • gp-4106g
  • gp-4106w
  • sp-5500tp
  • sp-5600tp
  • hmi_sto_532
CWE
CWE-20

Improper Input Validation