VDB
ICSA-20-336-01
ICSA-20-336-01
PUBLISHED
CVSS 7.400000095367432 HIGH
Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows engineering workstation, which could result in loss of availability, confidentiality, and integrity of the workstation where EcoStruxure Operator Terminal Expert runtime is installed.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Harmony iPC (HMIG5U HMIG5U2) using legacy BIOS EcoStruxure Operator Terminal Expert Runtime: 3.1 Service Pack 1A and prior installed | ||
| Windows PC using legacy BIOS EcoStruxure Operator Terminal Expert Runtime: 3.1 Service Pack 1A and prior installed |
Timeline
- Dec 1, 2020 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-336-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-20-336-01 advisory
- https://us-cert.cisa.gov/ncas/tips/ST04-014 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B url
- https://www.se.com/ww/en/product-range-download/62621-ecostruxure%E2%84%A2-operator-terminal-expert/#/software-firmware-tab fix
- https://www.se.com/us/en/download/document/CS-Best-Practices-2019-340/ fix
- https://www.se.com/ww/en/download/document/SEVD-2020-315-02/ fix