CVE-2020-7487

2020-04-2218:50:25

CWE-345

schneider

www.cve.org

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

CNA Affected

[
  {
    "product": "EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2020-105-02