CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxureâ„¢ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:sp1a:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:hmi_sto_501:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_511:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_512:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_531:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmi_sto_532:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig3u:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig3x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig5u:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmig5u2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6200:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6500:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6600:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:hmist6700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:schneider-electric:pro-face_blue:3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:pro-face_blue:3.1:sp1a:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:gp-4104g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4104w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4105g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4105w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4106g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4106w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4107g:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gp-4107w:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5400wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5500tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5500wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5600ta:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5600tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5600wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5660tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5700tp:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5700wc:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5800wc:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5b00:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5b10:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sp-5b41:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6200wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6400wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6500wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6600wa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:st-6700wa:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-01-26 18:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-28221

Mitre link : CVE-2020-28221

CVE.ORG link : CVE-2020-28221


JSON object : View

Products Affected

schneider-electric

  • gp-4107g
  • hmist6200
  • sp-5600wa
  • hmi_sto_501
  • sp-5800wc
  • sp-5600ta
  • st-6500wa
  • sp-5b10
  • st-6400wa
  • sp-5700tp
  • hmig3x
  • hmi_sto_532
  • gp-4105w
  • sp-5400wa
  • st-6700wa
  • sp-5b00
  • hmist6400
  • hmig5u2
  • gp-4104g
  • hmist6700
  • sp-5500tp
  • gp-4107w
  • sp-5b41
  • hmist6500
  • hmi_sto_512
  • hmist6600
  • sp-5700wc
  • ecostruxure_operator_terminal_expert
  • st-6200wa
  • hmi_sto_531
  • gp-4106w
  • sp-5600tp
  • pro-face_blue
  • hmig5u
  • gp-4104w
  • gp-4105g
  • sp-5500wa
  • st-6600wa
  • hmig3u
  • gp-4106g
  • hmi_sto_511
  • sp-5660tp
CWE
CWE-20

Improper Input Validation