CVE-2020-7547

CWE-284 — Improper Access Control3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 43.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Energy Expert Schneider-electric Ecostruxure Power Monitoring Expert Schneider-electric Power Manager +2 more

Timeline

PublishedDec 1

Latest updateMay 24

Description

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5ecostruxureª_and_smartstruxureª_power_monitoring_and_scada_software_(see_security_notification_for_version_information)EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)

▶NVDschneider-electric/ecostruxure_power_monitoring_expert7.0, 8.0, 9.0+2

▶NVDschneider-electric/powerscada_expert_with_advanced_reporting_and_dashboards8.0

▶NVDschneider-electric/powerscada_operation_with_advanced_reporting_and_dashboards9.0

▶NVDschneider-electric/power_manager1.1, 1.2, 1.3+2

🔴Vulnerability Details

GHSA

GHSA-c5c3-mf59-3rh5: A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notificat↗2022-05-24

▶

CVEList

CVE-2020-7547: A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notificat↗2020-12-01

▶