Unrated severityNVD Advisory· Published Jan 25, 2021· Updated Aug 4, 2024

CVE-2020-28221

Description

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.

Affected products

EcoStruxure/EcoStruxure™ Operator Terminal Expert and Pro-face BLUEdescription
Schneider Electric/Pro-face BLUEllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.se.com/ww/en/download/document/SEVD-2021-012-01/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000