Vulnerability CVE-2020-7546


Published: 2020-12-01

Description:
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure? and SmartStruxure? Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Schneider-electric -> Ecostruxure energy expert 
Schneider-electric -> Ecostruxure power monitoring expert 
Schneider-electric -> Power manager 
Schneider-electric -> Powerscada expert with advanced reporting and dashboards 
Schneider-electric -> Powerscada operation with advanced reporting and dashboards 

 References:
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/

Copyright 2024, cxsecurity.com

 

Back to Top