{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T13:57:57.018","vulnerabilities":[{"cve":{"id":"CVE-2020-28212","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-19T22:15:13.490","lastModified":"2024-11-21T05:22:29.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus."},{"lang":"es","value":"CWE-307: Se presenta una vulnerabilidad de Restricción Inapropiada de Intentos de Autenticación Excesivos en el Simulador de PLC en EcoStruxureª Control Expert (ahora Unity Pro) (todas las versiones) que podría causar la ejecución no autorizada de comandos cuando se realiza un ataque de fuerza bruta mediante Modbus"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*","matchCriteriaId":"18E8CCC1-A467-4FEF-964D-8481EAE892EC"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}