{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T16:21:22.466","vulnerabilities":[{"cve":{"id":"CVE-2020-28213","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-19T22:15:13.597","lastModified":"2026-06-17T03:10:12.800","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus."},{"lang":"es","value":"CWE-494: Se presenta una vulnerabilidad Descarga de Código Sin Comprobación de Integridad en el Simulador de PLC en EcoStruxureª Control Expert (ahora Unity Pro) (todas las versiones) que podría causar la ejecución de comandos no autorizados cuando se envía peticiones especialmente diseñadas mediante Modbus"}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"n/a","product":"PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)","versions":[{"version":"PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-494"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*","matchCriteriaId":"18E8CCC1-A467-4FEF-964D-8481EAE892EC"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}