CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 9.3 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2021-012-01/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:::::::*
	cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:sp1a::::::

OR	cpe:2.3:h:schneider-electric:hmi_sto_501:-:::::::*
	cpe:2.3:h:schneider-electric:hmi_sto_511:-:::::::*
	cpe:2.3:h:schneider-electric:hmi_sto_512:-:::::::*
	cpe:2.3:h:schneider-electric:hmi_sto_531:-:::::::*
	cpe:2.3:h:schneider-electric:hmi_sto_532:-:::::::*
	cpe:2.3:h:schneider-electric:hmig3u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig3x:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5u2:-:::::::*
	cpe:2.3:h:schneider-electric:hmist6200:-:::::::*
	cpe:2.3:h:schneider-electric:hmist6400:-:::::::*
	cpe:2.3:h:schneider-electric:hmist6500:-:::::::*
	cpe:2.3:h:schneider-electric:hmist6600:-:::::::*
	cpe:2.3:h:schneider-electric:hmist6700:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:schneider-electric:pro-face_blue:3.1:::::::*
	cpe:2.3:a:schneider-electric:pro-face_blue:3.1:sp1a::::::

OR	cpe:2.3:h:schneider-electric:gp-4104g:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4104w:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4105g:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4105w:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4106g:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4106w:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4107g:-:::::::*
	cpe:2.3:h:schneider-electric:gp-4107w:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5400wa:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5500tp:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5500wa:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5800wc:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5700wc:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5700tp:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5660tp:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5600tp:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5600ta:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5600wa:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5b41:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5b10:-:::::::*
	cpe:2.3:h:schneider-electric:sp-5b00:-:::::::*
	cpe:2.3:h:schneider-electric:st-6700wa:-:::::::*
	cpe:2.3:h:schneider-electric:st-6600wa:-:::::::*
	cpe:2.3:h:schneider-electric:st-6500wa:-:::::::*
	cpe:2.3:h:schneider-electric:st-6400wa:-:::::::*
	cpe:2.3:h:schneider-electric:st-6200wa:-:::::::*

Information

Published : 2021-01-26 10:15

Updated : 2021-02-12 11:21

NVD link : CVE-2020-28221

Mitre link : CVE-2020-28221

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

schneider-electric

hmi_sto_532
sp-5600wa
hmist6200
hmist6700
gp-4107g
gp-4106w
hmi_sto_501
hmi_sto_511
gp-4107w
pro-face_blue
hmi_sto_531
ecostruxure_operator_terminal_expert
sp-5700wc
sp-5b10
sp-5b00
st-6600wa
sp-5400wa
hmig3u
hmig3x
st-6200wa
st-6700wa
gp-4104g
hmi_sto_512
sp-5500wa
sp-5800wc
gp-4106g
hmig5u
hmist6400
sp-5b41
sp-5660tp
st-6400wa
hmist6600
gp-4105g
st-6500wa
hmist6500
sp-5700tp
hmig5u2
sp-5500tp
sp-5600ta
gp-4104w
gp-4105w
sp-5600tp

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.se.com/ww/en/download/document/SEVD-2021-012-01/", "name": "https://www.se.com/ww/en/download/document/SEVD-2021-012-01/", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure\u2122 Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-28221", "ASSIGNER": "cybersecurity@schneider-electric.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2021-01-26T18:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:sp1a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:schneider-electric:hmi_sto_501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmi_sto_511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmi_sto_512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmi_sto_531:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmi_sto_532:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmig3u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmig3x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmig5u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmig5u2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmist6200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmist6400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmist6500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmist6600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:hmist6700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_blue:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_blue:3.1:sp1a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4104g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4104w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4105g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4105w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4106g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4106w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4107g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:gp-4107w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5400wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5500tp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5500wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5800wc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5700wc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5700tp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5660tp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5600tp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5600ta:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5600wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5b41:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5b10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:sp-5b00:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:st-6700wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:st-6600wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:st-6500wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:st-6400wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:st-6200wa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-02-12T19:21Z"}

9.8 /10