CVE-2020-7559 - OpenCVE

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Ecostruxure Control Expert

Configuration 1 [-]

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.se.com/ww/en/download/document/SEVD-2020-315-07
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2020-11-19T21:04:25

Updated: 2024-08-04T09:33:19.465Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7559

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-19T22:15:14.800

Modified: 2022-02-03T13:48:09.590

Link: CVE-2020-7559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions) ", "vendor": "n/a", "versions": [{"status": "affected", "version": "PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure\u00aa Control Expert software when receiving a specially crafted request over Modbus."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-09T13:06:09", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-07"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2020-7559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions) ", "version": {"version_data": [{"version_value": "PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure\u00aa Control Expert software when receiving a specially crafted request over Modbus."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') "}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-07", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-07"}, {"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.465Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-07"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2020-7559", "datePublished": "2020-11-19T21:04:25", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.465Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "matchCriteriaId": "18E8CCC1-A467-4FEF-964D-8481EAE892EC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxure\u00aa Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure\u00aa Control Expert software when receiving a specially crafted request over Modbus."}, {"lang": "es", "value": "CWE-120: Se presenta una vulnerabilidad de Copia del B\u00fafer sin Comprobar el Tama\u00f1o de la Entrada (\"Classic Buffer Overflow\") en el Simulador de PLC en EcoStruxure\u00aa Control Expert (ahora Unity Pro) (todas las versiones) que podr\u00eda causar un bloqueo del simulador de PLC presente en el software EcoStruxure\u00aa Control Expert cuando recibe una petici\u00f3n especialmente dise\u00f1ada mediante Modbus"}], "id": "CVE-2020-7559", "lastModified": "2022-02-03T13:48:09.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-19T22:15:14.800", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Product", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-07"}, {"source": "cybersecurity@se.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1140"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "cybersecurity@se.com", "type": "Primary"}]}