CVE-2020-7560
📋 TL;DR
A maliciously crafted file opened in EcoStruxure Control Expert or Unity Pro can crash the application or execute arbitrary code on the engineering workstation; exploitation requires a user to open the file. The vendor advisory lists all versions of both products as affected.
💻 Affected Systems
- EcoStruxure Control Expert
- Unity Pro
📦 What is this software?
EcoStruxure Control Expert by Schneider Electric
Unity Pro by Schneider Electric
⚠️ Manual Verification Required
The NVD entry for this CVE carries no version range (the vendor advisory simply states that all versions are affected), so automatic version matching cannot tell whether a given installation has the security update applied.
Why? With no fixed-version boundary recorded in the CVE database, an installed version number alone does not distinguish a patched workstation from an unpatched one; the installed version must be compared against the vendor advisory by hand.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to industrial process disruption, data theft, or ransomware deployment on engineering workstations.
Likely Case
Engineering workstation compromise leading to credential theft, lateral movement within OT networks, and potential manipulation of PLC programs.
If Mitigated
Limited to engineering workstation compromise if proper network segmentation and user privilege restrictions are in place.
🎯 Exploit Status
Requires user interaction to open malicious file. No public exploit code available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Schneider Electric security update
Vendor Advisory: https://www.se.com/ww/en/download/document/SEVD-2020-343-01/
Restart Required: Yes
Instructions:
1. Download the security update from Schneider Electric's website (see the vendor advisory above).
2. Close all instances of Control Expert/Unity Pro.
3. Run the installer with administrative privileges.
4. Restart the computer after installation completes.
🔧 Temporary Workarounds
Restrict file opening (Windows)
Implement policies so that project files are opened only from trusted sources and locations.
Application whitelisting (Windows)
Use Windows AppLocker or similar to restrict execution of Control Expert to specific users and locations.
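The AppLocker workaround above, as an added example (not from the page or from Schneider Electric): it builds publisher rules for the Control Expert executables that allow them only for a named OT engineering group, writes the policy to disk for review, and dry-runs it with Test-AppLockerPolicy before anything is enforced. The install directory and group name are assumptions and must be replaced with your own.

```powershell
# Added example, not vendor code. Requires the AppLocker module (Windows
# Enterprise/Server) and an elevated session.
# Assumed values (not on the page): replace both before use.
$InstallDir   = 'C:\Program Files (x86)\Schneider Electric\Control Expert'
$AllowedGroup = 'CONTOSO\OT-Engineers'
$PolicyXml    = Join-Path $env:TEMP 'control-expert-applocker.xml'

# Collect signer and hash information for every executable in the install tree.
$fileInfo = Get-AppLockerFileInformation -Directory $InstallDir -Recurse -FileType Exe

# Prefer publisher rules (they survive a vendor update that changes the hash);
# fall back to hash rules only for unsigned binaries. -Optimize merges files
# from the same signer into a single rule.
$fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $AllowedGroup `
        -RuleNamePrefix 'ControlExpert' -Optimize -Xml |
    Out-File -FilePath $PolicyXml -Encoding utf8

# Dry run: show, per executable, whether the OT group would be allowed to run it.
Get-ChildItem -Path $InstallDir -Filter *.exe -Recurse | ForEach-Object {
    Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $_.FullName -User $AllowedGroup
} | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Deploy only after review. Merge with the existing policy so the default rules
# (which keep Windows itself runnable) are retained, and start in AuditOnly mode:
#   Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge
```

Because this policy only adds allow rules for the OT group, anyone outside that group is denied the Control Expert binaries once the Executable rule collection is enforced; keep the collection in AuditOnly until the Applocker event log (Event ID 8003) shows no unexpected denials on the engineering workstations.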
🧯 If You Can't Patch
- Implement strict network segmentation to isolate engineering workstations from business networks
- Use application sandboxing or virtualization to run Control Expert in isolated environments
🔍 How to Verify
Check if Vulnerable:
Check whether Control Expert or Unity Pro is installed at all; since the advisory lists every version as affected, any installation without the security update from SEVD-2020-343-01 should be treated as vulnerable.
Check Version:
Read the version from the Control Expert/Unity Pro 'About' dialog, or from the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\Schneider Electric (the exact subkey layout varies by release).
Verify Fix Applied:
Verify patch installation through Windows Programs and Features or by checking software version against vendor advisory
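The three verification steps above, as one added PowerShell example (not the page's or the vendor's own script). It inventories Control Expert/Unity Pro from the standard Windows Uninstall registry keys, walks the Schneider Electric key the page cites for any recorded Version values, and flags installs below the fixed release. Assumptions: the product registers an Uninstall entry whose DisplayName contains "Control Expert" or "Unity Pro"; the fixed version is not on this page and must be supplied from SEVD-2020-343-01.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell on the
# engineering workstation. No fixed version is hard-coded: pass the one
# published in SEVD-2020-343-01 to Test-ControlExpertUpdate.

function Get-SchneiderProduct {
    # Assumption: the installer registers under the standard Uninstall keys
    # (64-bit and WOW6432Node views) with a recognisable DisplayName.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Control Expert|Unity Pro' } |
        ForEach-Object {
            # DisplayVersion is free text ("15.0 SP1" etc.); extract the
            # dotted numeric part so it can be compared as a [version].
            $v = $null
            if ($_.DisplayVersion -match '\d+(\.\d+)+') { $v = [version]$Matches[0] }
            [pscustomobject]@{
                Product  = $_.DisplayName
                Version  = $v
                Raw      = $_.DisplayVersion
                Location = $_.InstallLocation
            }
        }
}

function Get-SchneiderRegistryVersion {
    # The vendor key cited on the page; subkey names are not documented here,
    # so walk the tree and report any value literally named "Version".
    $vendorKey = 'HKLM:\SOFTWARE\Schneider Electric'
    if (-not (Test-Path $vendorKey)) { return }
    Get-ChildItem -Path $vendorKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p -and $p.PSObject.Properties.Name -contains 'Version') {
            [pscustomobject]@{ Key = ($_.PSPath -replace '^.*?::'); Version = $p.Version }
        }
    }
}

function Test-ControlExpertUpdate {
    param([Parameter(Mandatory)][version]$FixedVersion)  # from SEVD-2020-343-01
    Get-SchneiderProduct | ForEach-Object {
        # Unparseable version: treat as needing review rather than silently passing.
        $needs = if ($null -eq $_.Version) { 'unknown (check About dialog)' }
                 else { $_.Version -lt $FixedVersion }
        $_ | Add-Member -NotePropertyName NeedsUpdate -NotePropertyValue $needs -PassThru
    }
}

# Usage (supply the fixed release from the advisory):
#   Test-ControlExpertUpdate -FixedVersion $fixedFromAdvisory | Format-Table -AutoSize
#   Get-SchneiderRegistryVersion | Format-Table -AutoSize
```

An empty result from Get-SchneiderProduct on a workstation that clearly has the software installed means the Uninstall-key assumption does not hold for that release; fall back to the About dialog and the registry walk rather than concluding the host is clean.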
📡 Detection & Monitoring
Log Indicators:
- Unexpected application crashes of Control Expert/Unity Pro (Windows Application log, source "Application Error", Event ID 1000), particularly ones that coincide with a project file being opened
- Suspicious file access patterns to project files
Network Indicators:
- Unusual outbound connections from engineering workstations
- File transfers of project files to unexpected destinations
SIEM Query:
Windows Application log, Provider "Application Error", EventID=1000, where the faulting application path or faulting module path is under the Control Expert/Unity Pro installation. Exception code 0xc0000005 (access violation) or 0xc0000409 (stack buffer overrun fast-fail) in such an event is consistent with a memory-corruption trigger and should be escalated together with the project file that was open at the time.
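The query above, as an added PowerShell example (not from the page or the vendor) that can be run directly on the workstation or wrapped by an EDR script: it pulls Event ID 1000 records from the Application log, parses the faulting application, module, exception code and paths out of the message text, keeps only those tied to Control Expert/Unity Pro, and summarises them by module and exception code. The path pattern is an assumption (the vendor's usual Program Files directory name); adjust it to your deployment.

```powershell
# Added example, not vendor code. Reads the local Application log; for
# remote hosts add -ComputerName to Get-WinEvent or ship the events to the SIEM.
$Days = 7
# Assumption: install paths contain one of these strings. Replace if not.
$PathPattern = 'Schneider Electric|Control Expert|Unity Pro'

# Exception codes that point at memory corruption rather than a logic fault.
$MemoryCorruptionCodes = @{
    '0xc0000005' = 'STATUS_ACCESS_VIOLATION'
    '0xc0000409' = 'STATUS_STACK_BUFFER_OVERRUN (/GS fast-fail)'
    '0xc0000374' = 'STATUS_HEAP_CORRUPTION'
}

function Get-ControlExpertCrash {
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $m = $_.Message
        # Field extraction from the localised message text; each label is
        # followed by a comma-terminated value in the standard WER template.
        $get = { param($label) if ($m -match "$label\s*([^,\r\n]+)") { $Matches[1].Trim() } else { '' } }
        $code = & $get 'Exception code:'
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Computer   = $_.MachineName
            App        = & $get 'Faulting application name:'
            Module     = & $get 'Faulting module name:'
            Exception  = $code
            Meaning    = if ($MemoryCorruptionCodes.ContainsKey($code.ToLower())) { $MemoryCorruptionCodes[$code.ToLower()] } else { '' }
            AppPath    = & $get 'Faulting application path:'
            ModulePath = & $get 'Faulting module path:'
        }
    } | Where-Object { ($_.AppPath + ' ' + $_.ModulePath + ' ' + $_.App) -match $PathPattern }
}

$crashes = Get-ControlExpertCrash
$crashes | Sort-Object Time | Format-Table Time, App, Module, Exception, Meaning -AutoSize

# Triage view: repeated crashes in the same module with a memory-corruption
# exception code are the pattern worth escalating, not a one-off hang.
$crashes | Group-Object Module, Exception | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Pair the crash times with file-access telemetry for the project file directory (Sysmon Event ID 11 or your EDR's file events) to recover which file was open when the fault occurred; that file, not the crash event alone, is the artefact to preserve for analysis.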