schneider-electric ecostruxure-geo-scada-expert-2019 CVE-2020-28219 vulnerability in Schneider Electric Products
Published on December 11, 2020

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.

NVD

Weakness Type

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.


Products Associated with CVE-2020-28219

stack.watch emails you whenever new vulnerabilities are published in Schneider Electric Ecostruxure Geo Scada Expert 2019 or Schneider Electric Ecostruxure Geo Scada Expert 2020. Just hit a watch button to start following.

Schneider Electric Ecostruxure Geo Scada Expert 2019
 
Schneider Electric Ecostruxure Geo Scada Expert 2020
 

Exploit Probability

EPSS
0.05%
Percentile
14.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.