CVE-2020-7544

Published: Nov 19, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert.

Affected (3)

Products: Schneider Electric: Operator Terminal Expert Runtime

Schneider Electric

1 product

Operator Terminal Expert Runtime

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Operator Terminal Expert Runtime	Before 3.1
Schneider Electric Operator Terminal Expert Runtime	Version 3.1
Schneider Electric Operator Terminal Expert Runtime	Version 3.1 service_pack_1a

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2020-315-02/

Source: cybersecurity@se.com

PatchVendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2020-315-02/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.