CVE-2020-7545
published 2020-12-01CVE-2020-7545: A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_energy_expert | — | — |
| schneider-electric | ecostruxure_power_monitoring_expert | — | — |
| schneider-electric | ecostruxure_power_monitoring_expert | — | — |
| schneider-electric | ecostruxure_power_monitoring_expert | — | — |
| schneider-electric | power_manager | — | — |
| schneider-electric | power_manager | — | — |
| schneider-electric | power_manager | — | — |
| schneider-electric | powerscada_expert_with_advanced_reporting_and_dashboards | — | — |
| schneider-electric | powerscada_operation_with_advanced_reporting_and_dashboards | — | — |