CVE-2020-7545

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.2HIGH

EPSS

0.5%

top 35.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Energy Expert Schneider-electric Ecostruxure Power Monitoring Expert Schneider-electric Power Manager +2 more

Timeline

PublishedDec 1

Latest updateMay 24

Description

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5ecostruxureª_and_smartstruxureª_power_monitoring_and_scada_software_(see_security_notification_for_version_information)EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)

▶NVDschneider-electric/ecostruxure_power_monitoring_expert7.0, 8.0, 9.0+2

▶NVDschneider-electric/powerscada_expert_with_advanced_reporting_and_dashboards8.0

▶NVDschneider-electric/powerscada_operation_with_advanced_reporting_and_dashboards9.0

▶NVDschneider-electric/power_manager1.1, 1.2, 1.3+2

🔴Vulnerability Details

GHSA

GHSA-x2vm-m96w-rq2c: A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notificati↗2022-05-24

▶

CVEList

CVE-2020-7545: A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notificati↗2020-12-01

▶