CVE-2020-7480

Published Mar 23, 2020

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
Source: cybersecurity@se.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

cybersecurity@se.com: CWE-94
nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D3343D3-10EA-47A1-9EEC-B8348501BED3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "911CF8D9-F392-400A-81F0-B55EE724C53F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88E57181-1965-43F3-BD32-7ADB655353C6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FC4EFC-3227-498A-A387-456AA33D2668"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AD56546-BE9B-4AC1-8B28-F6F8EA856607"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "406F67ED-EBC8-45CB-8281-CC373BDCEA59"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B03092B-591B-42D6-A3FA-5895C298920B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "858DC6FD-DCAB-47E8-8795-F86EBC855925"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "453385B9-4E12-4C66-9F0A-22317444E60F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04246590-7180-4B1B-B75A-09CEACFE1CE3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBFA71DD-1640-4C78-A902-2DCE7E369EE8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References