Rewterz Threat Advisory – CVE-2020-16017 – Google Chrome site isolation code execution
November 12, 2020Rewterz Threat Advisory – CVE-2020-25163 – ICS: OSIsoft PI Vision
November 12, 2020Rewterz Threat Advisory – CVE-2020-16017 – Google Chrome site isolation code execution
November 12, 2020Rewterz Threat Advisory – CVE-2020-25163 – ICS: OSIsoft PI Vision
November 12, 2020Severity
Medium
Analysis Summary
A vulnerability exists that could cause a crash of the PLC simulator present in EcoStruxure Control Expert software when receiving a specially crafted request over Modbus.
Impact
Denial of service
Affected Vendors
Schneider Electric
Affected Products
- PLC Simulator for EcoStruxure Control Expert
- all versions
- PLC Simulator for Unity Pro (former name of EcoStruxure Control Expert)
- all versions
Remediation
Schneider Electric has released Version 15.0 of the EcoStruxure Control Expert software to mitigate this vulnerability.