Vulnerabilities > Schneider Electric > Ecostruxure Machine Expert > High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-22	CVE-2020-7489	Injection vulnerability in Schneider-Electric products A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). network low complexity schneider-electric CWE-74	7.5
2020-04-22	CVE-2020-7487	Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. network low complexity schneider-electric CWE-345	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.