CVE-2020-7527Incorrect Default Permissions in Somove

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Somove
Timeline
PublishedAug 31
Latest updateMay 24

Description

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v27g-f72h-2mj6: Incorrect Default Permission vulnerability exists in SoMove (V22022-05-24
CVEList
CVE-2020-7527: Incorrect Default Permission vulnerability exists in SoMove (V22020-08-31
CVE-2020-7527 — Incorrect Default Permissions in Somove | cvebase