ICSA-20-142-02 · Published 2020-05-21
Schneider Electric EcoStruxure Operator Terminal Expert
CVSS 8.6 HIGH
Risk Summary
Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution.
Remediations
- Schneider Electric recommends users update to EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A. Schneider Electric offers two methods to get the update
- Use EcoStruxure Operator Terminal Expert software only on a trusted workstation.
- Do not execute EcoStruxure Operator Terminal Expert software with Windows administrator privileges.
- Harden the workstation following cybersecurity best practices (antivirus, updated operating systems, strong password policies, application whitelisting software, etc.) and secure the network using Schneider Electric's Cybersecurity Best Practices.
- Manage your project file securely to avoid information disclosure or unexpected modifications of data.
- Only accept project files from trusted users.
- Use project password when saving the project file.
- The user's password in the application should be configured as a strong password in accordance with the “use complex password” function described in the section titled “Security / Settings / use complex password.”
- For more information on these vulnerabilities and updates, please see SEVD-2020-133-04.
Affected Vendors
Schneider Electric Software, LLC
Affected Products (1)
Schneider Electric Software, LLC · EcoStruxure Operator Terminal Expert 3.1 · 3.1 SP1
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy