Schneider-Electric Scadapack 7X Remote Connect vulnerabilities
4 known vulnerabilities affecting schneider-electric/scadapack_7x_remote_connect.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-7530HIGHCVSS 8.8≤ 3.6.3.5742020-09-16
CVE-2020-7530 [HIGH] CWE-285 CVE-2020-7530: A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.
nvd
CVE-2020-7531HIGHCVSS 7.8≤ 3.6.3.5742020-09-16
CVE-2020-7531 [HIGH] CWE-284 CVE-2020-7531: A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 an
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.
nvd
CVE-2020-7528HIGHCVSS 7.8≤ 3.6.3.5742020-09-16
CVE-2020-7528 [HIGH] CWE-502 CVE-2020-7528: A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.
nvd
CVE-2020-7529MEDIUMCVSS 5.5≤ 3.6.3.5742020-09-16
CVE-2020-7529 [MEDIUM] CWE-22 CVE-2020-7529: A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerabil
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.
nvd