CVE-2020-7545

A CWE-284:Improper Access Control vulnerability exists in EcoStruxure and SmartStruxure Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
schneider-electricecostruxure_energy_expert
2.0
schneider-electricecostruxure_power_monitoring_expert
7.0
schneider-electricecostruxure_power_monitoring_expert
8.0
schneider-electricecostruxure_power_monitoring_expert
9.0
schneider-electricpower_manager
1.1
schneider-electricpower_manager
1.2
schneider-electricpower_manager
1.3
schneider-electricpowerscada_expert_with_advanced_reporting_and_dashboards
8.0
schneider-electricpowerscada_operation_with_advanced_reporting_and_dashboards
9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/