cvelistv5 - cve-2020-28220

CVE-2020-28220 (GCVE-0-2020-28220)

Vulnerability from cvelistv5 – Published: 2020-12-11 00:51 – Updated: 2024-08-04 16:33

Summary

Severity ?

No CVSS data available.

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)	Affected: Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:33:58.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T00:51:29",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-28220",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-28220",
    "datePublished": "2020-12-11T00:51:29",
    "dateReserved": "2020-11-05T00:00:00",
    "dateUpdated": "2024-08-04T16:33:58.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.4.11\", \"matchCriteriaId\": \"33239FF5-5E5D-45E8-932B-DA50AA8744E0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFBF6514-3E32-4C8E-81BA-D6464824351F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29636208-D72F-493A-A94A-A230AEA8733C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D458B41F-DE55-4E06-97FA-E2F7A71C2EAF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.\"}, {\"lang\": \"es\", \"value\": \"Una CWE-119: Se presenta una vulnerabilidad Restricci\\u00f3n Inapropiada de Operaciones dentro de los L\\u00edmites de un B\\u00fafer de Memoria en Modicon M258 Firmware (todas las versiones anteriores a V5.0.4.11) y el software SoMachine/SoMachine Motion (todas las versiones), que podr\\u00eda causar un desbordamiento del b\\u00fafer cuando la longitud de un archivo transferido al servidor web no es verificado\"}]",
      "id": "CVE-2020-28220",
      "lastModified": "2024-11-21T05:22:29.963",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 5.2, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 5.1, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-11T01:15:11.940",
      "references": "[{\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-28220\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-12-11T01:15:11.940\",\"lastModified\":\"2024-11-21T05:22:29.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.\"},{\"lang\":\"es\",\"value\":\"Una CWE-119: Se presenta una vulnerabilidad Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria en Modicon M258 Firmware (todas las versiones anteriores a V5.0.4.11) y el software SoMachine/SoMachine Motion (todas las versiones), que podr\u00eda causar un desbordamiento del b\u00fafer cuando la longitud de un archivo transferido al servidor web no es verificado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":5.2,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.4.11\",\"matchCriteriaId\":\"33239FF5-5E5D-45E8-932B-DA50AA8744E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFBF6514-3E32-4C8E-81BA-D6464824351F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29636208-D72F-493A-A94A-A230AEA8733C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D458B41F-DE55-4E06-97FA-E2F7A71C2EAF\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-801

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure™ Control Expert
Unity Pro (former name of EcoStruxure™ Control Expert)
EcoStruxure Geo SCADA Expert 2019 versions antérieures à 81.7613.1
EcoStruxure Geo SCADA Expert 2020 versions antérieures à 83.7613.1
Modicon M340 CPU BMXP34* versions antérieures à V3.3
Modicon M340 Ethernet Communication modules BMXNOC0401 versions antérieures à V2.10 (*)
Modicon M340 Ethernet Communication modules BMXNOE0100 versions antérieures à V3.4
Modicon M340 Ethernet Communication modules BMXNOE0110 versions antérieures à V6.6
Modicon Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634
Modicon Quantum CPUs 140CPU65xxxxx versions antérieures à V6.1 (*)
Modicon Quantum communication modules 140NOE771x1 versions antérieures à V7.3 (*)
Modicon Quantum communication modules 140NOC78x00 versions antérieures à V1.74 (*)
Modicon Quantum communication modules 140NOC77101 versions antérieures à V1.08
Modicon Premium communication modules TSXETY4103 versions antérieures à V6.2 (*)
Modicon Premium communication modules TSXETY5103 versions antérieures à V6.4 (*)
Modicon Premium CPUs TSXP574634, TSXP575634, TSXP576634 versions antérieures à V6.1 (*)
BMXNOE0100
BMXNOE0110
BMXNOR0200H
BMXNOR200H
Modicon M580 CPUs BMEx58xxxxx microgiciel versions antérieures à 3.20
Modicon M258 versions antérieures à 5.0.4.11
SoMachine/SoMachine Motion software

(*) ces versions ne corrigent pas toutes les vulnérabilités

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2020-343-02 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-06 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-01 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-07 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-04 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-05 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-09 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-08 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-03 du 06 décembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure\u2122 Control Expert\u003c/li\u003e \u003cli\u003eUnity Pro (former name of EcoStruxure\u2122 Control Expert)\u003c/li\u003e \u003cli\u003eEcoStruxure Geo SCADA Expert 2019 versions ant\u00e9rieures \u00e0 81.7613.1\u003c/li\u003e \u003cli\u003eEcoStruxure Geo SCADA Expert 2020 versions ant\u00e9rieures \u00e0 83.7613.1\u003c/li\u003e \u003cli\u003eModicon M340 CPU BMXP34* versions ant\u00e9rieures \u00e0 V3.3\u003c/li\u003e \u003cli\u003eModicon M340 Ethernet Communication modules BMXNOC0401 versions ant\u00e9rieures \u00e0 V2.10 (*)\u003c/li\u003e \u003cli\u003eModicon M340 Ethernet Communication modules BMXNOE0100 versions ant\u00e9rieures \u00e0 V3.4\u003c/li\u003e \u003cli\u003eModicon M340 Ethernet Communication modules BMXNOE0110 versions ant\u00e9rieures \u00e0 V6.6\u003c/li\u003e \u003cli\u003eModicon Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634\u003c/li\u003e \u003cli\u003eModicon Quantum CPUs 140CPU65xxxxx versions ant\u00e9rieures \u00e0 V6.1 (*)\u003c/li\u003e \u003cli\u003eModicon Quantum communication modules 140NOE771x1 versions ant\u00e9rieures \u00e0 V7.3 (*)\u003c/li\u003e \u003cli\u003eModicon Quantum communication modules 140NOC78x00 versions ant\u00e9rieures \u00e0 V1.74 (*)\u003c/li\u003e \u003cli\u003eModicon Quantum communication modules 140NOC77101 versions ant\u00e9rieures \u00e0 V1.08\u003c/li\u003e \u003cli\u003eModicon Premium communication modules TSXETY4103 versions ant\u00e9rieures \u00e0 V6.2 (*)\u003c/li\u003e \u003cli\u003eModicon Premium communication modules TSXETY5103 versions ant\u00e9rieures \u00e0 V6.4 (*)\u003c/li\u003e \u003cli\u003eModicon Premium CPUs TSXP574634, TSXP575634, TSXP576634 versions ant\u00e9rieures \u00e0 V6.1 (*)\u003c/li\u003e \u003cli\u003eBMXNOE0100\u003c/li\u003e \u003cli\u003eBMXNOE0110\u003c/li\u003e \u003cli\u003eBMXNOR0200H\u003c/li\u003e \u003cli\u003eBMXNOR200H\u003c/li\u003e \u003cli\u003eModicon M580 CPUs BMEx58xxxxx microgiciel versions ant\u00e9rieures \u00e0 3.20\u003c/li\u003e \u003cli\u003eModicon M258 versions ant\u00e9rieures \u00e0 5.0.4.11\u003c/li\u003e \u003cli\u003eSoMachine/SoMachine Motion software\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e(*) ces versions ne corrigent pas toutes les vuln\u00e9rabilit\u00e9s\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7535"
    },
    {
      "name": "CVE-2020-7542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7542"
    },
    {
      "name": "CVE-2020-7549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7549"
    },
    {
      "name": "CVE-2020-7537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7537"
    },
    {
      "name": "CVE-2020-7560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7560"
    },
    {
      "name": "CVE-2020-28219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28219"
    },
    {
      "name": "CVE-2020-7536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7536"
    },
    {
      "name": "CVE-2020-7543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7543"
    },
    {
      "name": "CVE-2020-28220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28220"
    },
    {
      "name": "CVE-2020-7540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7540"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-801",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-02 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-02/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-01 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-04 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-09 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-08 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-03 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
    }
  ]
}

CERTFR-2020-AVI-801

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure™ Control Expert
Unity Pro (former name of EcoStruxure™ Control Expert)
EcoStruxure Geo SCADA Expert 2019 versions antérieures à 81.7613.1
EcoStruxure Geo SCADA Expert 2020 versions antérieures à 83.7613.1
Modicon M340 CPU BMXP34* versions antérieures à V3.3
Modicon M340 Ethernet Communication modules BMXNOC0401 versions antérieures à V2.10 (*)
Modicon M340 Ethernet Communication modules BMXNOE0100 versions antérieures à V3.4
Modicon M340 Ethernet Communication modules BMXNOE0110 versions antérieures à V6.6
Modicon Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634
Modicon Quantum CPUs 140CPU65xxxxx versions antérieures à V6.1 (*)
Modicon Quantum communication modules 140NOE771x1 versions antérieures à V7.3 (*)
Modicon Quantum communication modules 140NOC78x00 versions antérieures à V1.74 (*)
Modicon Quantum communication modules 140NOC77101 versions antérieures à V1.08
Modicon Premium communication modules TSXETY4103 versions antérieures à V6.2 (*)
Modicon Premium communication modules TSXETY5103 versions antérieures à V6.4 (*)
Modicon Premium CPUs TSXP574634, TSXP575634, TSXP576634 versions antérieures à V6.1 (*)
BMXNOE0100
BMXNOE0110
BMXNOR0200H
BMXNOR200H
Modicon M580 CPUs BMEx58xxxxx microgiciel versions antérieures à 3.20
Modicon M258 versions antérieures à 5.0.4.11
SoMachine/SoMachine Motion software

(*) ces versions ne corrigent pas toutes les vulnérabilités

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2020-343-02 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-06 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-01 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-07 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-04 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-05 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-09 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-08 du 06 décembre 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-343-03 du 06 décembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure\u2122 Control Expert\u003c/li\u003e \u003cli\u003eUnity Pro (former name of EcoStruxure\u2122 Control Expert)\u003c/li\u003e \u003cli\u003eEcoStruxure Geo SCADA Expert 2019 versions ant\u00e9rieures \u00e0 81.7613.1\u003c/li\u003e \u003cli\u003eEcoStruxure Geo SCADA Expert 2020 versions ant\u00e9rieures \u00e0 83.7613.1\u003c/li\u003e \u003cli\u003eModicon M340 CPU BMXP34* versions ant\u00e9rieures \u00e0 V3.3\u003c/li\u003e \u003cli\u003eModicon M340 Ethernet Communication modules BMXNOC0401 versions ant\u00e9rieures \u00e0 V2.10 (*)\u003c/li\u003e \u003cli\u003eModicon M340 Ethernet Communication modules BMXNOE0100 versions ant\u00e9rieures \u00e0 V3.4\u003c/li\u003e \u003cli\u003eModicon M340 Ethernet Communication modules BMXNOE0110 versions ant\u00e9rieures \u00e0 V6.6\u003c/li\u003e \u003cli\u003eModicon Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634\u003c/li\u003e \u003cli\u003eModicon Quantum CPUs 140CPU65xxxxx versions ant\u00e9rieures \u00e0 V6.1 (*)\u003c/li\u003e \u003cli\u003eModicon Quantum communication modules 140NOE771x1 versions ant\u00e9rieures \u00e0 V7.3 (*)\u003c/li\u003e \u003cli\u003eModicon Quantum communication modules 140NOC78x00 versions ant\u00e9rieures \u00e0 V1.74 (*)\u003c/li\u003e \u003cli\u003eModicon Quantum communication modules 140NOC77101 versions ant\u00e9rieures \u00e0 V1.08\u003c/li\u003e \u003cli\u003eModicon Premium communication modules TSXETY4103 versions ant\u00e9rieures \u00e0 V6.2 (*)\u003c/li\u003e \u003cli\u003eModicon Premium communication modules TSXETY5103 versions ant\u00e9rieures \u00e0 V6.4 (*)\u003c/li\u003e \u003cli\u003eModicon Premium CPUs TSXP574634, TSXP575634, TSXP576634 versions ant\u00e9rieures \u00e0 V6.1 (*)\u003c/li\u003e \u003cli\u003eBMXNOE0100\u003c/li\u003e \u003cli\u003eBMXNOE0110\u003c/li\u003e \u003cli\u003eBMXNOR0200H\u003c/li\u003e \u003cli\u003eBMXNOR200H\u003c/li\u003e \u003cli\u003eModicon M580 CPUs BMEx58xxxxx microgiciel versions ant\u00e9rieures \u00e0 3.20\u003c/li\u003e \u003cli\u003eModicon M258 versions ant\u00e9rieures \u00e0 5.0.4.11\u003c/li\u003e \u003cli\u003eSoMachine/SoMachine Motion software\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e(*) ces versions ne corrigent pas toutes les vuln\u00e9rabilit\u00e9s\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7535"
    },
    {
      "name": "CVE-2020-7542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7542"
    },
    {
      "name": "CVE-2020-7549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7549"
    },
    {
      "name": "CVE-2020-7537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7537"
    },
    {
      "name": "CVE-2020-7560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7560"
    },
    {
      "name": "CVE-2020-28219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28219"
    },
    {
      "name": "CVE-2020-7536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7536"
    },
    {
      "name": "CVE-2020-7543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7543"
    },
    {
      "name": "CVE-2020-28220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28220"
    },
    {
      "name": "CVE-2020-7540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7540"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-801",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-02 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-02/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-01 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-04 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-09 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-08 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-03 du 06 d\u00e9cembre 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
    }
  ]
}

GHSA-XFPF-X83H-3XXJ

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-28220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.",
  "id": "GHSA-xfpf-x83h-3xxj",
  "modified": "2022-05-24T17:36:05Z",
  "published": "2022-05-24T17:36:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28220"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202012-0820

Vulnerability from variot - Updated: 2023-12-18 12:16

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. Modicon M258 firmware, SoMachine , SoMachine Motion The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric Modicon M258 is a programmable automation controller produced by Schneider Electric in France

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0820",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modicon m258",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "5.0.4.11"
      },
      {
        "model": "somachine motion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "*"
      },
      {
        "model": "somachine motion",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "modicon m258",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "somachine",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.0.4.11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      }
    ]
  },
  "cve": "CVE-2020-28220",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-28220",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "VHN-372755",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-28220",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-28220",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-936",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-372755",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-28220",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. Modicon M258 firmware, SoMachine , SoMachine Motion The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric Modicon M258 is a programmable automation controller produced by Schneider Electric in France",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28220"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-28220",
        "trust": 2.6
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-343-09",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-372755",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28220",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "id": "VAR-202012-0820",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:16:41.216000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-343-09",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-343-09/"
      },
      {
        "title": "Schneider Electric Modicon M258 Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=136599"
      },
      {
        "title": "CVE-2020-28220",
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-28220 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      },
      {
        "problemtype": "Buffer error (CWE-119) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-343-09/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28220"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2020-28220"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "date": "2020-12-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "date": "2021-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "date": "2020-12-11T01:15:11.940000",
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "date": "2020-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372755"
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-28220"
      },
      {
        "date": "2021-08-13T09:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      },
      {
        "date": "2022-02-03T16:10:26.990000",
        "db": "NVD",
        "id": "CVE-2020-28220"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Buffer error vulnerability in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014347"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-936"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-28220

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-28220

Aliases

CVE-2020-28220

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-28220",
    "description": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.",
    "id": "GSD-2020-28220"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-28220"
      ],
      "details": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.",
      "id": "GSD-2020-28220",
      "modified": "2023-12-13T01:22:01.615154Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2020-28220",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/",
            "refsource": "CONFIRM",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.0.4.11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-28220"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-02-03T16:10Z",
      "publishedDate": "2020-12-11T01:15Z"
    }
  }
}

FKIE_CVE-2020-28220

Vulnerability from fkie_nvd - Published: 2020-12-11 01:15 - Updated: 2024-11-21 05:22

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2020-343-09/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2020-343-09/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m258_firmware	*
schneider-electric	modicon_m258	-
schneider-electric	somachine	*
schneider-electric	somachine_motion	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33239FF5-5E5D-45E8-932B-DA50AA8744E0",
              "versionEndExcluding": "5.0.4.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFBF6514-3E32-4C8E-81BA-D6464824351F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29636208-D72F-493A-A94A-A230AEA8733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D458B41F-DE55-4E06-97FA-E2F7A71C2EAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified."
    },
    {
      "lang": "es",
      "value": "Una CWE-119: Se presenta una vulnerabilidad Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria en Modicon M258 Firmware (todas las versiones anteriores a V5.0.4.11) y el software SoMachine/SoMachine Motion (todas las versiones), que podr\u00eda causar un desbordamiento del b\u00fafer cuando la longitud de un archivo transferido al servidor web no es verificado"
    }
  ],
  "id": "CVE-2020-28220",
  "lastModified": "2024-11-21T05:22:29.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-11T01:15:11.940",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-28220 (GCVE-0-2020-28220)

CERTFR-2020-AVI-801

Solution

CERTFR-2020-AVI-801

Solution

GHSA-XFPF-X83H-3XXJ

VAR-202012-0820

GSD-2020-28220

FKIE_CVE-2020-28220

Tags

Sightings

Nomenclature