Vulnerability CVE-2020-7545
Published: 2020-12-01

Description:
A CWE-284:Improper Access Control vulnerability exists in EcoStruxure? and SmartStruxure? Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

Type:

CWE-284

 (Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Schneider-electric -> Ecostruxure energy expert 
Schneider-electric -> Ecostruxure power monitoring expert 
Schneider-electric -> Power manager 
Schneider-electric -> Powerscada expert with advanced reporting and dashboards 
Schneider-electric -> Powerscada operation with advanced reporting and dashboards 

 References:
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/
Copyright 2024, cxsecurity.com

 

Back to Top