Vulnerabilities > CVE-2020-7560 - Write-what-where Condition vulnerability in Schneider-Electric Ecostruxure Control Expert and Unity PRO

CVSS 8.6 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

CWE-123

NVD

Published: 2020-12-11

Updated: 2022-01-31

Summary

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Unity PRO * Schneider Electric Ecostruxure Control Expert *	2

Common Weakness Enumeration (CWE)

CWE-123 - Write-what-where Condition

References

https://www.se.com/ww/en/download/document/SEVD-2020-343-01/