CVE-2020-7531 β€” Improper Access Control in Scadapack 7X Remote Connect

CWE-284 β€” Improper Access Control3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 60.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Scadapack 7X Remote Connect
Timeline
PublishedSep 16
Latest updateMay 24

Description

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-q699-f9h8-7v6p: A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3β†—2022-05-24
β–Ά
CVEList
CVE-2020-7531: A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3β†—2020-09-16
β–Ά
CVE-2020-7531 β€” Improper Access Control | cvebase