CVE-2020-7479

Published: Mar 23, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.

Affected (1)

Products: Schneider Electric: Interactive Graphical Scada System

Schneider Electric

1 product

Interactive Graphical Scada System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Interactive Graphical Scada System	From 14.0 to 14.0.0.20009

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://www.se.com/ww/en/download/document/SEVD-2020-070-01/

Source: cybersecurity@se.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-370/

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

https://www.se.com/ww/en/download/document/SEVD-2020-070-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-370/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.