CVE-2020-7489

CVE-2020-7489

Vendor N/A
Product SoMachine Basic (all versions)EcoStruxure Machine Expert – Basic (all versions)Modicon M100 Logic Controller (all versions)Modicon M200 Logic Controller (all versions)Modicon M221 Logic Controller (all versions)
Weakness CWE-74
Published April 22, 2020
Last update May 28, 2026

CVSS base score

What the vulnerability does

01Description

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

Key dates

02Disclosure timeline

April 22, 2020 CVE published
May 28, 2026 Record updated