CVE-2020-28213

Summary

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

Affected Software

VendorProductVersion RangeStatus
n/aPLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)affected

Weaknesses

  • CWE-494: CWE-494: Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References