CVE-2020-28213 : Security Advisory and Response

Learn about CVE-2020-28213, a CWE-494 vulnerability in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) that could lead to unauthorized command execution. Find mitigation steps here.

A CWE-494 vulnerability exists in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) that could lead to unauthorized command execution.

Understanding CVE-2020-28213

This CVE involves a vulnerability in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) that allows unauthorized command execution.

What is CVE-2020-28213?

CVE-2020-28213 is a CWE-494 vulnerability in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) that enables unauthorized command execution when specially crafted requests are sent over Modbus.

The Impact of CVE-2020-28213

The vulnerability could result in unauthorized command execution, posing a significant security risk to affected systems.

Technical Details of CVE-2020-28213

This section provides technical details about the vulnerability.

Vulnerability Description

A CWE-494 vulnerability in PLC Simulator on EcoStruxure Control Expert (now Unity Pro) allows the download of code without integrity checks, leading to unauthorized command execution.

Affected Systems and Versions

        Product: PLC Simulator on EcoStruxure Control Expert (now Unity Pro) (all versions)

Exploitation Mechanism

The vulnerability can be exploited by sending specially crafted requests over Modbus.

Mitigation and Prevention

Protect your systems from CVE-2020-28213 with the following measures:

Immediate Steps to Take

        Apply security patches provided by the vendor
        Monitor network traffic for any suspicious activity
        Implement strong access controls

Long-Term Security Practices

        Regularly update and patch software and firmware
        Conduct security assessments and penetration testing
        Educate users on cybersecurity best practices

Patching and Updates

Ensure timely installation of security patches and updates to mitigate the risk of exploitation.
