What is GHSA-9jpc-mpc7-cwp7?

GHSA-9jpc-mpc7-cwp7 is a security advisory published by GitHub Security Advisories with High severity. A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (...

Which CVE IDs does GHSA-9jpc-mpc7-cwp7 cover?

GHSA-9jpc-mpc7-cwp7 covers the following CVE IDs: CVE-2020-7489. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9jpc-mpc7-cwp7?

GHSA-9jpc-mpc7-cwp7 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-9jpc-mpc7-cwp7HighCVSS 9.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (...

Vendor

GitHub Security Advisories

Published

May 24, 2022

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2020-7489 →

📋 Description

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2020-7489
https://www.se.com/ww/en/download/document/SEVD-2020-105-01
https://github.com/advisories/GHSA-9jpc-mpc7-cwp7