CVE-2020-7527

EUVD-2020-28652
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
schneider-electricsomove
𝑥
≤ 2.8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-224-07/
https://www.se.com/ww/en/download/document/SEVD-2020-224-07/