CVE-2020-7523

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 86.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric Modbus Driver SuiteSchneider-electric Modbus Serial Driver
Timeline
PublishedAug 31
Latest updateMay 24

Description

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pxg4-q469-ggv7: Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cau2022-05-24
CVEList
CVE-2020-7523: Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cau2020-08-31
CVE-2020-7523 (HIGH CVSS 7.8) | Improper Privilege Management vulne | cvebase.io