{"api_version":"1","generated_at":"2026-04-23T09:05:41+00:00","cve":"CVE-2020-28213","urls":{"html":"https://cve.report/CVE-2020-28213","api":"https://cve.report/api/cve/CVE-2020-28213.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-28213","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-28213"},"summary":{"title":"CVE-2020-28213","description":"A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2020-11-19 22:15:00","updated_at":"2022-01-31 19:33:00"},"problem_types":["CWE-494"],"metrics":[],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"Security Notification - PLC Simulator on EcoStruxure™ Control Expert | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-28213","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28213","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"28213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"ecostruxure_control_expert","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"se","cpe5":"ecostruxure_control_expert","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28213","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"se","cpe5":"ecostruxure_control_expert","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-28213","qid":"590719","title":"Schneider Electric PLC Simulator on EcoStruxure Control Expert and Process Expert Multiple Vulnerabilities (SEVD-2020-315-07)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-28213","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) ","version":{"version_data":[{"version_value":"PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-494: Download of Code Without Integrity Check"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07"}]},"description":{"description_data":[{"lang":"eng","value":"A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus."}]}},"nvd":{"publishedDate":"2020-11-19 22:15:00","lastModifiedDate":"2022-01-31 19:33:00","problem_types":["CWE-494"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"28213","Ordinal":"189949","Title":"CVE-2020-28213","CVE":"CVE-2020-28213","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"28213","Ordinal":"1","NoteData":"A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"28213","Ordinal":"2","NoteData":"2020-11-19","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"28213","Ordinal":"3","NoteData":"2020-11-19","Type":"Other","Title":"Modified"}]}}}