CVE-2020-7545

EUVD-2020-28670
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
schneider-electricecostruxure_energy_expert
2.0
schneider-electricecostruxure_power_monitoring_expert
7.0
schneider-electricecostruxure_power_monitoring_expert
8.0
schneider-electricecostruxure_power_monitoring_expert
9.0
schneider-electricpower_manager
1.1
schneider-electricpower_manager
1.2
schneider-electricpower_manager
1.3
schneider-electricpowerscada_expert_with_advanced_reporting_and_dashboards
8.0
schneider-electricpowerscada_operation_with_advanced_reporting_and_dashboards
9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/