CVE-2020-7480

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-070-04/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-23 20:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-7480

Mitre link : CVE-2020-7480

CVE.ORG link : CVE-2020-7480

JSON object : View

Products Affected

schneider-electric

andover_continuum_9924_firmware
andover_continuum_9941
andover_continuum_9200_firmware
andover_continuum_5720
andover_continuum_9900_firmware
andover_continuum_bcx9640
andover_continuum_bcx4040
andover_continuum_9924
andover_continuum_9702
andover_continuum_5740
andover_continuum_9200
andover_continuum_9941_firmware
andover_continuum_9900
andover_continuum_bcx9640_firmware
andover_continuum_9680
andover_continuum_9940
andover_continuum_9940_firmware
andover_continuum_9702_firmware
andover_continuum_5720_firmware
andover_continuum_9680_firmware
andover_continuum_5740_firmware
andover_continuum_bcx4040_firmware

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.8 /10