A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
schneider-electric ecostruxure operator terminal expert 3.1 |
||
schneider-electric pro-face blue 3.1 |