A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2021-012-01/ | Patch Vendor Advisory |
https://www.se.com/ww/en/download/document/SEVD-2021-012-01/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 05:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.se.com/ww/en/download/document/SEVD-2021-012-01/ - Patch, Vendor Advisory |
Information
Published : 2021-01-26 18:15
Updated : 2024-11-21 05:22
NVD link : CVE-2020-28221
Mitre link : CVE-2020-28221
CVE.ORG link : CVE-2020-28221
JSON object : View
Products Affected
schneider-electric
- hmist6200
- gp-4107g
- sp-5800wc
- gp-4104g
- st-6200wa
- sp-5700wc
- hmist6700
- hmist6600
- hmist6400
- pro-face_blue
- hmig3x
- gp-4107w
- sp-5660tp
- sp-5500wa
- sp-5700tp
- hmi_sto_531
- hmi_sto_512
- st-6400wa
- sp-5b00
- ecostruxure_operator_terminal_expert
- sp-5400wa
- st-6500wa
- gp-4105w
- sp-5600wa
- sp-5b10
- hmi_sto_501
- hmig5u2
- st-6700wa
- st-6600wa
- hmi_sto_511
- hmist6500
- hmig3u
- gp-4105g
- hmig5u
- sp-5600ta
- gp-4104w
- sp-5b41
- gp-4106g
- gp-4106w
- sp-5500tp
- sp-5600tp
- hmi_sto_532
CWE
CWE-20
Improper Input Validation