Vulnerability CVE-2020-7523


Published: 2020-08-31

Description:
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Schneider electric -> Modbus driver suite 
Schneider electric -> Modbus serial driver 

 References:
https://www.se.com/ww/en/download/document/SEVD-2020-224-01/

Copyright 2024, cxsecurity.com

 

Back to Top