CVE-2020-7480

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-23 20:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-7480

Mitre link : CVE-2020-7480

CVE.ORG link : CVE-2020-7480


JSON object : View

Products Affected

schneider-electric

  • andover_continuum_9941
  • andover_continuum_9924_firmware
  • andover_continuum_9702
  • andover_continuum_9941_firmware
  • andover_continuum_9680_firmware
  • andover_continuum_9200_firmware
  • andover_continuum_5720
  • andover_continuum_9200
  • andover_continuum_bcx4040
  • andover_continuum_5740_firmware
  • andover_continuum_bcx9640
  • andover_continuum_bcx4040_firmware
  • andover_continuum_9680
  • andover_continuum_5720_firmware
  • andover_continuum_9702_firmware
  • andover_continuum_9924
  • andover_continuum_9940_firmware
  • andover_continuum_9900
  • andover_continuum_5740
  • andover_continuum_9900_firmware
  • andover_continuum_9940
  • andover_continuum_bcx9640_firmware
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')