CVE-2020-28212

Critical

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert…

schneider·CWE-307·Published 2020-11-19

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

263 chars

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

NVDen

263 chars

NVDes

316 chars

CWE-307: Se presenta una vulnerabilidad de Restricción Inapropiada de Intentos de Autenticación Excesivos en el Simulador de PLC en EcoStruxureª Control Expert (ahora Unity Pro) (todas las versiones) que podría causar la ejecución no autorizada de comandos cuando se realiza un ataque de fuerza bruta mediante Modbus

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H