CVE-2020-28219

Published: Dec 11, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.

Affected (2)

Products: Schneider Electric: Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020

Schneider Electric

2 products

Ecostruxure Geo Scada Expert 2019

Ecostruxure Geo Scada Expert 2020

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Geo Scada Expert 2019	From 81.7268.1 to 81.7578.1
Schneider Electric Ecostruxure Geo Scada Expert 2020	From 83.7551.1 to 83.7578.1

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2020-343-02/

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2020-343-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.