CVE-2020-28221
published 2021-01-26CVE-2020-28221: A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_operator_terminal_expert | — | — |
| schneider-electric | pro-face_blue | — | — |