Rewterz

Rewterz Threat Advisory – CVE-2020-16017 – Google Chrome site isolation code execution

November 12, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-25163 – ICS: OSIsoft PI Vision

November 12, 2020

Rewterz Threat Advisory – CVE-2020-7538 – ICS: Schneider Electric PLC Simulator for EcoStruxure Control Expert

Severity

Medium

Analysis Summary

A vulnerability exists that could cause a crash of the PLC simulator present in EcoStruxure Control Expert software when receiving a specially crafted request over Modbus.

Impact

Denial of service

Affected Vendors

Schneider Electric

Affected Products

  • PLC Simulator for EcoStruxure Control Expert
  • all versions
  • PLC Simulator for Unity Pro (former name of EcoStruxure Control Expert)
  • all versions

Remediation

Schneider Electric has released Version 15.0 of the EcoStruxure Control Expert software to mitigate this vulnerability.

Schneider Electric website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.