CVE-2020-7545

Published: Dec 1, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

Affected (9)

Products: Schneider Electric: Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager, Powerscada Expert With Advanced Reporting And Dashboards, Powerscada Operation With Advanced Reporting And Dashboards

Schneider Electric

5 products

Ecostruxure Energy Expert

Ecostruxure Power Monitoring Expert

Power Manager

Powerscada Expert With Advanced Reporting And Dashboards

Powerscada Operation With Advanced Reporting And Dashboards

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Energy Expert	Version 2.0
Schneider Electric Ecostruxure Power Monitoring Expert	Version 7.0
Schneider Electric Ecostruxure Power Monitoring Expert	Version 8.0
Schneider Electric Ecostruxure Power Monitoring Expert	Version 9.0
Schneider Electric Power Manager	Version 1.1
Schneider Electric Power Manager	Version 1.2
Schneider Electric Power Manager	Version 1.3
Schneider Electric Powerscada Expert With Advanced Reporting And Dashboards	Version 8.0
Schneider Electric Powerscada Operation With Advanced Reporting And Dashboards	Version 9.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2020-287-04/

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2020-287-04/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.