
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Operator Terminal Expert

Severity

Medium

Analysis Summary

CVE-2020-7493

An attacker could exploit an SQL injection vulnerability by enticing a user to open a maliciously crafted project file.

CVE-2020-7494

An attacker could exploit this path traversal vulnerability by getting a user to visit a malicious page or open a malicious file.

CVE-2020-7495

An attacker could exploit this path traversal vulnerability by getting a user to visit a malicious page or open a malicious file.

CVE-2020-7496

A remote attacker can trick a victim into opening a specially crafted project file and gain unauthorized write access to the target system.

CVE-2020-7497

A vulnerability exists that could cause arbitrary application execution when the computer starts.

Impact

  • SQL Injection
  • Path Traversal
  • Argument Injection

Affected Vendors

Schneider Electric

Affected Products

EcoStruxure Operator Terminal Expert 3.1 Service Pack 1

Remediation

Schneider Electric recommends users update to EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A.