CVE-2020-7547
published 2020-12-01CVE-2020-7547: A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_energy_expert | — | — |
| schneider-electric | ecostruxure_power_monitoring_expert | — | — |
| schneider-electric | ecostruxure_power_monitoring_expert | — | — |
| schneider-electric | ecostruxure_power_monitoring_expert | — | — |
| schneider-electric | power_manager | — | — |
| schneider-electric | power_manager | — | — |
| schneider-electric | power_manager | — | — |
| schneider-electric | powerscada_expert_with_advanced_reporting_and_dashboards | — | — |
| schneider-electric | powerscada_operation_with_advanced_reporting_and_dashboards | — | — |