Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a specially crafted network request or project archive. coStruxure Control Expert (formerly UnityPro) is Schneider Electric's flagship software for program development, maintenance, and monitoring of industrial networks.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Schneider to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability (TALOS-2020-1140/CVE-2020-7559)

A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability (TALOS-2020-1144/CVE-2020-7560)

A local code execution vulnerability exists in the APX project file processing functionality of Schneider Electric EcoStruxure Control Expert 14.1. The opening of a STA project archive containing a specially crafted APX project file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects Schneider Electric EcoStruxure Control Expert PLC Simulator, version 14.1.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 144:1