Vulnerabilities > CVE-2020-7560 - Write-what-where Condition vulnerability in Schneider-Electric Ecostruxure Control Expert and Unity PRO

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.

Vulnerable Configurations

Part Description Count
Application
Schneider-Electric
2

Common Weakness Enumeration (CWE)