A CWE-20: Improper Input Validation vulnerability exists in EcoStruxureâ„¢ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2021-012-01/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2021-01-26 18:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-28221
Mitre link : CVE-2020-28221
CVE.ORG link : CVE-2020-28221
JSON object : View
Products Affected
schneider-electric
- gp-4107g
- hmist6200
- sp-5600wa
- hmi_sto_501
- sp-5800wc
- sp-5600ta
- st-6500wa
- sp-5b10
- st-6400wa
- sp-5700tp
- hmig3x
- hmi_sto_532
- gp-4105w
- sp-5400wa
- st-6700wa
- sp-5b00
- hmist6400
- hmig5u2
- gp-4104g
- hmist6700
- sp-5500tp
- gp-4107w
- sp-5b41
- hmist6500
- hmi_sto_512
- hmist6600
- sp-5700wc
- ecostruxure_operator_terminal_expert
- st-6200wa
- hmi_sto_531
- gp-4106w
- sp-5600tp
- pro-face_blue
- hmig5u
- gp-4104w
- gp-4105g
- sp-5500wa
- st-6600wa
- hmig3u
- gp-4106g
- hmi_sto_511
- sp-5660tp
CWE
CWE-20
Improper Input Validation